CVE-2024-45032 (CVSS 10): Siemens Issues Critical Security Patch for Industrial Edge Management
Siemens has released a critical security advisory for its Industrial Edge Management platform, warning of an Authorization Bypass vulnerability that could have serious implications for industrial networks. The flaw, identified as CVE-2024-45032, has been assigned the highest possible CVSSv4 score of 10, marking it as a severe security risk. This vulnerability could allow unauthenticated attackers to impersonate devices within the Industrial Edge ecosystem, compromising the integrity of connected systems.
Industrial Edge is Siemens’ comprehensive platform designed to bring cloud computing capabilities to the edge of industrial networks. It provides a scalable and flexible environment where Edge devices, Edge apps, and connectivity solutions work together, managed through a centralized system. This platform enables the deployment of powerful analytics, monitoring, and automation features directly within industrial environments.
The vulnerability exists in Industrial Edge Management, which oversees device management, connectivity, and application deployment across the Industrial Edge platform. Due to improper validation of device tokens, unauthenticated remote attackers can potentially impersonate any other device onboarded to the system. This opens the door to numerous attacks, from data manipulation to denial of service, potentially disrupting critical industrial operations.
Since the Industrial Edge platform manages a variety of industrial processes, successful exploitation could result in unauthorized control over industrial assets, leading to production halts, data theft, or even sabotage.
Several versions of Industrial Edge Management are affected by this vulnerability, including:
- Industrial Edge Management Pro: All versions below V1.9.5 are vulnerable.
- Industrial Edge Management Virtual: All versions below V2.3.1-1 are vulnerable.
Siemens has acted quickly to address the CVE-2024-45032 vulnerability, issuing new software versions that mitigate the risk. Users of affected products should immediately update to:
- V1.9.5 or later for Industrial Edge Management Pro
- V2.3.1-1 or later for Industrial Edge Management Virtual
These updates are available via the Siemens Industrial Edge Hub, and Siemens strongly recommends that all users update their systems as soon as possible to prevent potential exploitation.
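To check an inventory against the fixed versions listed above, the following is an added example, not Siemens code and not part of the original article. The host names, installed versions and CSV layout are constructed, and it assumes that a version without a `-N` suffix sorts below the same version with one (so V2.3.1 is treated as below V2.3.1-1).

```python
import csv
import io
import re

# Fixed versions as stated in the article above.
FIXED = {
    "industrial edge management pro": "V1.9.5",
    "industrial edge management virtual": "V2.3.1-1",
}

_VERSION_RE = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, revision), or None if the string is not recognised.

    Assumption: a missing "-N" suffix counts as revision 0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(product, version):
    """Return 'vulnerable', 'fixed', or 'review' (unknown product or unparsable version)."""
    fixed = FIXED.get(product.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "review"
    # Tuple comparison is numeric per component, so 1.10.0 correctly sorts above 1.9.5.
    return "vulnerable" if installed < parse_version(fixed) else "fixed"


def triage(inventory_csv):
    """Map each host in a host,product,version CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["version"]) for row in reader}


# Constructed sample inventory; hosts and installed versions are made up for illustration.
SAMPLE_INVENTORY = """host,product,version
iem-plant-a,Industrial Edge Management Pro,V1.9.4
iem-plant-b,Industrial Edge Management Pro,V1.10.0
iem-virt-1,Industrial Edge Management Virtual,V2.3.1
iem-virt-2,Industrial Edge Management Virtual,V2.3.1-1
iem-lab,Industrial Edge Management Virtual,2.4-beta
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries marked `review` have a product name or version string the script does not recognise and need a manual check rather than being assumed safe.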