Authentication Bypass in Industrial Edge Management Products by Siemens
CVE-2026-33892

5.1 MEDIUM

What is CVE-2026-33892?

The Industrial Edge Management suite, in versions between specified thresholds, fails to properly enforce user authentication on remote connections. This flaw could enable an unauthenticated remote attacker to bypass authentication and impersonate a legitimate user, risking unauthorized access to sensitive systems. Successful exploitation requires that the attacker know the specific header and port used for remote connections and that the remote connection feature be active on the target device. Other security measures in the device, such as application-specific authentication, remain intact.

Affected Version(s)

Industrial Edge Management Pro V1 V1.7.6

Industrial Edge Management Pro V2 V2.0.0

Industrial Edge Management Virtual V2.2.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
