CVE-2024-54092: A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All...
Description
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires tha...
Classification
CVE ID: CVE-2024-54092
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-1390: Weak AuthenticationAffected Products
Vendor: Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens, Siemens
Product: Industrial Edge Device Kit - arm64 V1.17, Industrial Edge Device Kit - arm64 V1.18, Industrial Edge Device Kit - arm64 V1.19, Industrial Edge Device Kit - arm64 V1.20, Industrial Edge Device Kit - arm64 V1.21, Industrial Edge Device Kit - x86-64 V1.17, Industrial Edge Device Kit - x86-64 V1.18, Industrial Edge Device Kit - x86-64 V1.19, Industrial Edge Device Kit - x86-64 V1.20, Industrial Edge Device Kit - x86-64 V1.21, Industrial Edge Own Device (IEOD), Industrial Edge Virtual Device, SCALANCE LPE9413, SIMATIC IPC BX-39A Industrial Edge Device, SIMATIC IPC BX-59A Industrial Edge Device, SIMATIC IPC127E Industrial Edge Device, SIMATIC IPC227E Industrial Edge Device, SIMATIC IPC427E Industrial Edge Device, SIMATIC IPC847E Industrial Edge Device
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.2% (probability of being exploited)
EPSS Percentile: 42.86% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-54092https://cert-portal.siemens.com/productcert/html/ssa-634640.html
https://cert-portal.siemens.com/productcert/html/ssa-819629.html