PatchSiren cyber security CVE debrief
CVE-2024-54092 Siemens CVE debrief
CVE-2024-54092 is a critical authentication-bypass issue in Siemens Industrial Edge Device Kit. When identity federation has been used, an unauthenticated remote attacker who knows a legitimate user identity may be able to bypass authentication on specific API endpoints and impersonate that user. CISA published the advisory on 2025-04-08 and later clarified the affected version lines and fix status on 2025-05-13.
- Vendor: Siemens
- Product: Industrial Edge Own Device (IEOD)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-08
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-08
- Advisory updated: 2025-05-06
Who should care
Organizations running Siemens Industrial Edge Device Kit on arm64 or x86-64, especially deployments that use or previously used identity federation and expose API access beyond tightly trusted networks. Security teams, OT/ICS operators, and administrators responsible for authentication, API exposure, and device hardening should treat this as urgent.
Technical summary
The advisory states that affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. Exploitation is remote and unauthenticated, but it is not unconditional: identity federation must be currently or previously configured, and the attacker must already know the identity of a legitimate user. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting the potential for full compromise of confidentiality, integrity, and availability once the preconditions are met.
Defensive priority
Highest priority. The issue is rated Critical and can allow authentication circumvention and user impersonation on network-accessible API endpoints. Prioritize exposure reduction, version remediation where available, and validation of federation-related API access paths.
Recommended defensive actions
- Update affected installations to Siemens Industrial Edge Device Kit V1.20.2-1 or later for the listed V1.20 product lines.
- Update affected installations to Siemens Industrial Edge Device Kit V1.21.1-1 or later for the listed V1.21 product lines.
- For versions with no fix planned, apply the vendor mitigation and restrict network access to affected products to trusted parties only.
- Review whether identity federation is enabled or has been used previously, and inventory any API endpoints reachable from untrusted networks.
- Limit and monitor access to administrative and API interfaces, especially where identity federation is present.
- Validate compensating controls against CISA recommended practices for ICS and defense-in-depth.
Evidence notes
The source advisory is CISA ICSA-25-105-02 for Siemens Industrial Edge Device Kit, published 2025-04-08 and modified 2025-05-13. The revision history states that no more fixes are planned for version lines V1.17, V1.18, and V1.19, while fixes are available at V1.20.2-1 or later for V1.20 and at V1.21.1-1 or later for V1.21. The advisory also recommends limiting network access to trusted parties only. No KEV entry was provided in the source corpus.
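The fix status per version line can be checked against a device inventory. The Python below is an added example, not code from Siemens, CISA or the source advisory; it assumes installed versions are reported in the `V1.20.2-1` notation used above, and the host names and sample versions are constructed.

```python
import re

# Fix thresholds as stated on this page, keyed by version line; None = no fix planned.
FIX_LINES = {
    (1, 17): None,
    (1, 18): None,
    (1, 19): None,
    (1, 20): (1, 20, 2, 1),   # V1.20.2-1 or later
    (1, 21): (1, 21, 1, 1),   # V1.21.1-1 or later
}

# Assumed version string shape, taken from the page's "V1.20.2-1" notation.
VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if the string does not match."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text):
    """Classify one Device Kit version string against the page's fix lines."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"            # review by hand, never assume fixed
    line = version[:2]
    if line not in FIX_LINES:
        return "not-covered"         # this page gives no status for the line
    fixed_from = FIX_LINES[line]
    if fixed_from is None:
        return "no-fix-planned"      # vendor mitigation plus restricted network access
    # Tuple comparison is numeric, so V1.20.10-1 sorts after V1.20.2-1.
    return "fixed" if version >= fixed_from else "update-required"


def triage_inventory(inventory):
    """Map each host name to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are illustrative only.
    sample = {"edge-line1": "V1.19.4-2", "edge-line2": "V1.20.1-3", "edge-lab": "V1.21.1-1"}
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

A `fixed` result reflects only the version thresholds listed above; the federation review and network-access restrictions in the recommended actions are separate checks.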
Official resources
- CVE-2024-54092 CVE record (CVE.org)
- CVE-2024-54092 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by CISA on 2025-04-08 and modified on 2025-05-13. No KEV listing was included in the supplied source corpus.