Overview
- Siemens has released security updates that address multiple vulnerabilities in its products.
- The vulnerabilities include authentication bypass, privilege escalation, and memory corruption, and could allow remote privilege takeover or service impact.
Affected Products and Versions
- Industrial Edge Management Pro V1 is affected for versions V1.7.6 and later and V1.15.17 and earlier.
- Industrial Edge Management Pro V2 is affected for versions V2.0.0 and later and V2.1.1 and earlier.
- Industrial Edge Management Virtual is affected for versions V2.2.0 and later and V2.8.0 and earlier.
- RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) is affected for versions below V5.8.
- RUGGEDCOM CROSSBOW Station Access Controller (SAC) is affected for versions earlier than V5.8.
- SINEC NMS is affected for versions earlier than V4.0 SP3 and earlier than V4.0 SP3 with UMC.
Critical Vulnerabilities Addressed
- CVE-2026-33892: Remote authentication bypass vulnerability in Industrial Edge Management, CVSS 7.1.
- CVE-2026-27668: Privilege escalation vulnerability in RUGGEDCOM CROSSBOW SAM-P before V5.8, CVSS 8.8.
- CVE-2025-6965: Memory corruption vulnerability in RUGGEDCOM CROSSBOW SAC before V5.8, CVSS 7.7.
- CVE-2026-24032: Authentication bypass vulnerability in SINEC NMS, CVSS 7.3.
- CVE-2026-25654: Authentication bypass vulnerability via user-controlled key in SINEC NMS before V4.0 SP3, CVSS 8.8.
Patches and Advisories
- A vulnerability patch or mitigation was provided in the 2026-04-14 update.
- The recommended action is to update affected products to the minimum recommended version provided by the manufacturer (V1.15.17, V2.1.1, V2.8.0, SAM-P V5.8, SAC V5.8, SINEC NMS V4.0 SP3, etc.).
- Detailed patch information and release notes can be found on the Siemens Security Advisories and Products page.
References
- Siemens security advisories and support documents such as SSA-801704, SSA-741509, SSA-609469, SSA-605717, and SSA-225816 were used as references.