CVE-2024-45032 CRITICAL

CVE-2024-45032

Vendor Siemens
Product Industrial Edge Management Pro
Weakness CWE-639 · IDOR
Published September 10, 2024
Last update September 10, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated