Full Report
Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Weak Authentication Bypass in Siemens Industrial Edge Devices
## CVE Details
- CVE ID: CVE-2024-54092
- CVSS Score: 9.8 (Critical) using v3.1; 9.3 (Critical) using v4.0
- CWE: CWE-1390: Weak Authentication
## Affected Systems
- Products:
- Industrial Edge Devices (General)
- Industrial Edge Own Device (IEOD)
- Industrial Edge Virtual Device (IEVD)
- SCALANCE LPE9413 (6GK5998-3GS01-2AC2)
- SIMATIC IPC BX-39A Industrial Edge Device
- SIMATIC IPC BX-59A Industrial Edge Device
- SIMATIC IPC127E Industrial Edge Device
- SIMATIC IPC227E Industrial Edge Device
- Versions:
- IEOD: All versions < V1.21.1-1-a
- IEVD: All versions < V1.21.1-1-a
- SCALANCE LPE9413: All versions < V2.1
- SIMATIC IPC Edge Devices (BX-39A, BX-59A, IPC127E, IPC227E): All versions < V3.0
- Configurations: Exploitation requires that identity federation is currently or has previously been used on the affected device, and the attacker must know a legitimate user's identity.
## Vulnerability Description
The affected Siemens Industrial Edge Devices do not properly enforce user authentication on specific API endpoints when identity federation is utilized. This weakness allows an unauthenticated remote attacker, who knows the identity of a legitimate user, to successfully circumvent standard authentication mechanisms and impersonate that user.
## Exploitation
- Status: The advisory indicates the potential for exploitation but does not state if it is already exploited in the wild.
- Complexity: Low (CVSS AV:N/AC:L/PR:N/UI:N implies network accessible with low attack complexity, no user interaction needed).
- Attack Vector: Network
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- **Industrial Edge Own Device (IEOD) / Virtual Device (IEVD):** Update to version **V1.21.1-1-a** or later.
- **SCALANCE LPE9413 (6GK5998-3GS01-2AC2):** Update to version **V2.1** or later.
- **SIMATIC IPC Edge Devices (BX-39A, BX-59A, IPC127E, IPC227E):** Update to version **V3.0** or later.
### Workarounds
Specific workarounds and mitigations are mentioned in the advisory, requiring reference to Section [Workarounds and Mitigations] within the full Siemens SSA-634640 document for details, potentially involving configuration changes related to identity federation use.
## Detection
- Indicators of compromise (IOCs) are not explicitly detailed in this summary, but monitoring network traffic for unusual API calls directed at authentication endpoints without established sessions (if possible) related to the affected devices is recommended.
- Detection relies on knowing the deployed vulnerable versions and ensuring security monitoring covers network access to these Industrial Edge components.
## References
- Vendor Advisories: SSA-634640 (Published: 2025-04-08, Updated: 2025-07-08)
- Relevant Links:
- Siemens Industrial Security Information: hxxps://www.siemens.com/industrialsecurity
- Siemens ProductCERT Advisories Portal: hxxps://www.siemens.com/cert/advisories
- Siemens Terms of Use: hxxps://www.siemens.com/productcert/terms-of-use