Siemens product security update overview.

---

Siemens has released security updates that address multiple authentication and authorization-related vulnerabilities in its SINEC NMS, RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P), and Industrial Edge Management product lines.
the main vulnerabilities are authentication bypass, password reset due to bypassing authorization verification, privilege escalation, and access gain through user impersonation.

Affected products and affected versions.

---

the affected products and vulnerable versions are as follows.

• CVE-2026-24032: SINEC NMS (UMC Management Environment) version V4.0 SP3 or earlier.
• CVE-2026-25654: SINEC NMS version V4.0 SP3 or earlier.
• CVE-2026-27668: RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) version before V5.8.
• CVE-2026-33892: Industrial Edge Management Pro V1 version V1.7.6 or higher but lower than V1.15.17, Pro V2 version V2.0.0 or higher but lower than V2.1.1, Virtual version V2.2.0 or higher but lower than V2.8.0.

Summary of Resolved Vulnerabilities.

---

the resolved patched versions are as follows.

• SINEC NMS: V4.0 SP3 or later.
• RUGGEDCOM CROSSBOW SAM-P: V5.8 or later.
• Industrial Edge Management Pro V1: V1.15.17 or later.
• Industrial Edge Management Pro V2: V2.1.1 or later.
• Industrial Edge Management Virtual: V2.8.0 or later.

Risk and impact.

---

the impact is the risk of unauthorized access due to bypassing authentication and authorization verification, account takeover through password reset, and misuse of administrative functions through privilege escalation.
affected systems are advised to apply the specified patch or later.
references are the Siemens Security Advisory pages (SSA-801704, SSA-605717, SSA-741509, SSA-609469).