PatchSiren cyber security CVE debrief
CVE-2026-33892 Siemens CVE debrief
CVE-2026-33892 is a high-severity authentication-bypass issue in the Siemens Industrial Edge Management product lines. When the remote connection feature is enabled, an unauthenticated remote attacker who knows the header and port used for remote connections can bypass authentication, impersonate a legitimate user, and tunnel to a managed device. Siemens and CISA note that device-local security features such as app-specific authentication are not affected.
- Vendor: Siemens
- Product: Industrial Edge Management Pro V1, Pro V2, and Industrial Edge Management Virtual
- CVSS: 7.1 (High)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-14
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-14
- Advisory updated: 2026-04-21
Who should care
OT and industrial automation teams running Siemens Industrial Edge Management Pro V1, Pro V2, or Industrial Edge Management Virtual deployments—especially any environment that exposes remote device connections beyond tightly controlled internal access.
Technical summary
CISA’s advisory states that affected management systems do not properly enforce user authentication on remote connections to devices. Exploitation requires knowledge of the header and port used for remote connections and that the remote connection feature be enabled. Successful exploitation can let an attacker circumvent authentication and tunnel to the device. Affected ranges in the supplied advisory are Industrial Edge Management Pro V1 versions 1.7.6 through 1.15.16, Pro V2 versions 2.0.0 through 2.1.0, and Industrial Edge Management Virtual versions 2.2.0 through 2.7.99; fixed versions are 1.15.17, 2.1.1, and 2.8.0 or later, respectively.
Defensive priority
High
Recommended defensive actions
- Update affected systems to Siemens fixed releases: V1.15.17 or later, V2.1.1 or later, or V2.8.0 or later, depending on the product line.
- Restrict network access to affected products to trusted parties only, per the vendor/CISA remediation guidance.
- Verify whether the remote connection feature is enabled anywhere in your environment and disable it where it is not required.
- Confirm that the port used for remote device connections is not reachable from untrusted networks; knowledge of the connection header and that port is all an attacker needs to reach the weakness.
- Apply ICS network segmentation and defense-in-depth practices from CISA guidance to reduce the impact of remote access weaknesses.
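The affected and fixed versions above are the practical triage input for an OT inventory. The script below, an added example for this debrief rather than Siemens or CISA tooling, encodes the three ranges exactly as the advisory summary states them and classifies each installed build as needing the update, already fixed, or outside the advisory range (flagged for manual review rather than silently marked safe). The product-line keys `pro_v1`, `pro_v2` and `virtual`, the hostnames, and the inventory rows are this example's own constructed inputs, not Siemens identifiers or real deployments.

```python
"""Triage helper for CVE-2026-33892: is an installed Siemens Industrial Edge
Management build inside the affected range, and which fixed release applies?

Added example for this debrief; not Siemens or CISA tooling. Version ranges
and fixed releases are those stated in ICSA-26-111-11 / SSA-609469 as
summarized on this page. Product-line keys are this script's own naming.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version such as '1.15.16' into a comparable tuple.

    Three components are expected; missing trailing components are padded
    with 0 so '1.15' compares as '1.15.0'. Non-numeric input is rejected.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    if len(nums) < 3:
        nums = nums + (0,) * (3 - len(nums))
    return nums


@dataclass(frozen=True)
class AffectedRange:
    product: str    # human-readable product line name
    first: Version  # first affected version (inclusive)
    last: Version   # last affected version (inclusive)
    fixed: Version  # first release carrying the fix


# Ranges as stated in the advisory (see Technical summary above).
AFFECTED: Dict[str, AffectedRange] = {
    "pro_v1": AffectedRange("Industrial Edge Management Pro V1",
                            parse_version("1.7.6"), parse_version("1.15.16"),
                            parse_version("1.15.17")),
    "pro_v2": AffectedRange("Industrial Edge Management Pro V2",
                            parse_version("2.0.0"), parse_version("2.1.0"),
                            parse_version("2.1.1")),
    "virtual": AffectedRange("Industrial Edge Management Virtual",
                             parse_version("2.2.0"), parse_version("2.7.99"),
                             parse_version("2.8.0")),
}


def assess(product_line: str, version: str) -> dict:
    """Return a triage verdict for one installed instance.

    'affected' is True only when the version falls inside the advisory's
    inclusive range; anything at or above the fixed release is 'fixed';
    versions below the range, or an unknown product line, are flagged for
    manual review instead of being reported as safe.
    """
    rng = AFFECTED.get(product_line)
    if rng is None:
        return {"affected": None, "status": "unknown_product_line",
                "fixed_version": None}
    v = parse_version(version)
    fixed_str = ".".join(str(n) for n in rng.fixed)
    if rng.first <= v <= rng.last:
        return {"affected": True, "status": "update_required",
                "fixed_version": fixed_str}
    if v >= rng.fixed:
        return {"affected": False, "status": "fixed", "fixed_version": fixed_str}
    return {"affected": None, "status": "outside_advisory_range_review_manually",
            "fixed_version": fixed_str}


def triage_inventory(rows: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, dict]]:
    """rows: (hostname, product_line, version). Every row is returned, so
    reviewers see unknown product lines and out-of-range builds as well."""
    return [(host, assess(line, ver)) for host, line, ver in rows]


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("iem-plant-a", "pro_v1", "1.12.3"),
    ("iem-plant-b", "pro_v1", "1.15.17"),
    ("iem-lab", "pro_v2", "2.1.0"),
    ("iem-virt-01", "virtual", "2.7.99"),
    ("iem-virt-02", "virtual", "2.8.0"),
]

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:14} {verdict['status']:40} fix: {verdict['fixed_version']}")
```

Feed it your real inventory export in place of `SAMPLE_INVENTORY`; the deliberately conservative "review manually" bucket exists because a build older than the stated range is not evidence that it is unaffected, only that the advisory did not enumerate it.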
Evidence notes
Summary, affected versions, and remediation come from the CISA CSAF advisory ICSA-26-111-11 republishing Siemens ProductCERT SSA-609469, supported by the linked Siemens advisory references and the CVE record. The supplied timeline indicates the CVE was published on 2026-04-14 and modified on 2026-04-21; that modified date reflects advisory update/republication, not the original issue date. No KEV listing was provided in the supplied corpus.
Official resources
- CVE-2026-33892 CVE record (CVE.org)
- CVE-2026-33892 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-26-111-11
Publicly disclosed on 2026-04-14 by CISA as ICSA-26-111-11 and republished on 2026-04-21 from Siemens ProductCERT advisory SSA-609469.