
CVE-2026-33892

· Published 14/04/2026 09:16 · Modified 14/04/2026 09:16

Labels: CVE-2026-33892, 2026-04-14, CWE-305, [email protected]

Essential information

Published: 14/04/2026 09:16
Modified: 14/04/2026 09:16
Author:
Creator:
CVSS: 5.1 MEDIUM (v3), 5.1 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices. This could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

NVD status

Status: Received. The CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
siemens / industrial edge management pro | cpe:2.3:a:siemens:industrial_edge_management_pro:1.7.6-1.15.17:*:*:*:*:*:*:*
siemens / industrial edge management pro | cpe:2.3:a:siemens:industrial_edge_management_pro:2.0.0-2.1.1:*:*:*:*:*:*:*
siemens / industrial edge management virtual | cpe:2.3:a:siemens:industrial_edge_management_virtual:2.2.0-2.8.0:*:*:*:*:*:*:*

References