Industrial Edge Management Pro: Unauthenticated Remote Access to Devices

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.1

Industrial Edge Management Pro: Unauthenticated Remote Access to Devices

CVE-2026-33892

Summary

A security issue in Industrial Edge Management Pro allows an attacker to access devices without proper authentication. This could happen if the attacker knows the remote connection details. To protect your devices, ensure that remote connections are disabled when not in use and consider updating to the latest version of the software.

Original title

Original description

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.
This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.

Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

nvd CVSS3.1 7.1

nvd CVSS4.0 5.1

Vulnerability type

CWE-305

https://cert-portal.siemens.com/productcert/html/ssa-609469.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026