Authentication Bypass Vulnerability in Industrial Edge Device Kit by Siemens
CVE-2024-54092

9.3CRITICAL

Key Information:

Vendor

Siemens
Status
Industrial Edge Device Kit - Arm64 V1.17
Industrial Edge Device Kit - Arm64 V1.18
Industrial Edge Device Kit - Arm64 V1.19
Industrial Edge Device Kit - Arm64 V1.20
Vendor
CVE Published:
8 April 2025

What is CVE-2024-54092?

A security issue exists in the Industrial Edge Device Kit, where devices fail to properly enforce user authentication on certain API endpoints when identity federation is in use. This vulnerability can allow an unauthenticated remote attacker to bypass security measures and impersonate a legitimate user. Successful exploitation necessitates that identity federation is currently or was previously enabled, as well as knowledge of a legitimate user's identity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Industrial Edge Device Kit - arm64 V1.17 0

Industrial Edge Device Kit - arm64 V1.18 0

Industrial Edge Device Kit - arm64 V1.19 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6346...
https://cert-portal.siemens.com/productcert/html/ssa-8196...

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.