TLS Certificate Validation Flaw in Industrial Edge Management by Siemens
CVE-2022-40147

7.4HIGH

Key Information:

Vendor: Siemens
Status: Industrial Edge Management
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-40147?

A vulnerability has been identified in the Industrial Edge Management software by Siemens, where it fails to properly validate the server certificate when establishing a TLS connection. This oversight can enable an attacker to spoof a trusted entity, potentially compromising communication between clients and servers. Users running versions prior to V1.5.1 are at risk, as this could allow unauthorized access and manipulation of sensitive data during transmission.

Affected Version(s)

Industrial Edge Management All versions < V1.5.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-64985...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 7, 2022