CVE-2025-40805
Published 2026-01-13
Priority: P2 78 · critical · 10 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.60% (44.3th percentile)
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
Affected (81 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | industrial_edge_cloud_device | < V1.24.2 | V1.24.2 |
| siemens | industrial_edge_device_kit_arm64_v1.10 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.11 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.12 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.13 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.14 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.15 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.16 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.17 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.18 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.19 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.20 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.21 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.22 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.23 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.24 | < V1.24.2 | V1.24.2 |
| siemens | industrial_edge_device_kit_arm64_v1.25 | < V1.25.1 | V1.25.1 |
| siemens | industrial_edge_device_kit_arm64_v1.5 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.6 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.7 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.8 | < * | * |
| siemens | industrial_edge_device_kit_arm64_v1.9 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.10 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.11 | < * | * |
| siemens | industrial_edge_device_kit_x86-64_v1.12 | < * | * |
Detection & IOCs (extracted from sources)
- The vulnerability targets specific API endpoints that do not properly enforce user authentication — monitor for unauthenticated requests to API endpoints on Siemens Industrial Edge devices, especially those that succeed without valid credentials
- Exploitation is classified as Authorization Bypass Through User-Controlled Key (CWE-639) — look for API requests where a user identity/key is supplied in the request without a corresponding valid authentication token or session
- Successful exploitation requires the attacker to know a legitimate username — monitor for reconnaissance activity (e.g., user enumeration attempts) against Industrial Edge device management interfaces prior to API abuse
- The attack vector is network-based with no privileges required and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) — alert on unauthenticated remote connections to management APIs of affected Siemens Industrial Edge devices from untrusted network segments
- The specific API endpoint paths that are improperly authenticated are not disclosed in the available advisories — detection rules cannot target specific URL paths without further vendor technical detail
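The checks in the list above, applied to constructed reverse-proxy log records (an added example, not taken from the advisories or from Siemens). The record fields (`has_auth`, `user`), the placeholder paths, the trusted management network and the enumeration threshold are all assumptions, since the affected endpoint paths are not disclosed.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: management API traffic should originate only from these segments.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ENUM_THRESHOLD = 3  # distinct identities one source supplies without authenticating

# Constructed sample records; field names and paths are hypothetical placeholders.
SAMPLE_LOG = """\
{"ts":"2026-01-15T08:00:01Z","src":"10.20.0.15","path":"/api/placeholder-a","status":200,"has_auth":true,"user":"operator1"}
{"ts":"2026-01-15T08:02:40Z","src":"192.0.2.44","path":"/api/placeholder-b","status":401,"has_auth":false,"user":"admin"}
{"ts":"2026-01-15T08:02:41Z","src":"192.0.2.44","path":"/api/placeholder-b","status":401,"has_auth":false,"user":"operator1"}
{"ts":"2026-01-15T08:02:42Z","src":"192.0.2.44","path":"/api/placeholder-b","status":401,"has_auth":false,"user":"service"}
{"ts":"2026-01-15T08:03:10Z","src":"192.0.2.44","path":"/api/placeholder-a","status":200,"has_auth":false,"user":"operator1"}
{"ts":"2026-01-15T08:04:00Z","src":"10.20.0.15","path":"/api/placeholder-c","status":200,"has_auth":false,"user":null}
"""

def is_trusted(src):
    """True when the source address lies inside a trusted management segment."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)

def detect(log_text):
    """Return (rule, source, detail) findings for requests lacking a token/session."""
    findings = []
    probed = defaultdict(set)  # source -> identities supplied without authentication
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["has_auth"]:
            continue  # only unauthenticated requests are of interest here
        succeeded = 200 <= rec["status"] < 300
        user = rec.get("user")
        if user:
            probed[rec["src"]].add(user)
        # CWE-639 pattern: identity supplied, no token or session, request succeeds.
        if succeeded and user:
            findings.append(("identity-without-auth", rec["src"], rec["ts"]))
        # Unauthenticated success from outside the management segment.
        if succeeded and not is_trusted(rec["src"]):
            findings.append(("unauth-success-untrusted", rec["src"], rec["ts"]))
    # Many distinct identities from one source suggests user enumeration.
    for src, users in sorted(probed.items()):
        if len(users) >= ENUM_THRESHOLD:
            findings.append(("possible-user-enumeration", src, len(users)))
    return findings
```

The unauthenticated request from the trusted segment that carries no identity is deliberately not flagged, which keeps endpoints that are legitimately open (a status probe, for example) from drowning out the CWE-639 pattern.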
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
cisa_ics · 2026-01-14 · CVSS 10.0
[CRITICAL] Siemens Industrial Edge Devices
ICS Advisory
## Siemens Industrial Edge Devices
Release Date: January 14, 2026
Alert Code: ICSA-26-015-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
The following versions of Siemens Industrial Edge Devices are affected:
- Industrial Edge Cloud Device (IECD
CISA ICS
cisa_ics · 2026-01-14 · CVSS 10.0
[CRITICAL] Siemens Industrial Edge Device Kit
ICS Advisory
## Siemens Industrial Edge Device Kit
Release Date: January 14, 2026
Alert Code: ICSA-26-015-09
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are n
GHSA
ghsa_unreviewed · 2026-01-13
CVE-2025-40805 [CRITICAL] CWE-639 GHSA-8gqp-3rhh-936h: Affected devices do not properly enforce user authentication on specific API endpoints
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-01-13