CVE-2021-37184
CRITICAL
Industrial Edge Management < 1.3 - Unauthenticated Password Change via User Impersonation
Title source: llm
Description
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this, an attacker could impersonate any valid user on an affected system.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf
Scores
CVSS v3: 9.8
EPSS: 0.0100
EPSS Percentile: 58.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-639
Status: published
Products (1)
siemens/industrial_edge_management < 1.3
Published: Sep 14, 2021
Tracked Since: Feb 18, 2026