CVE-2022-40147

Name of the Vulnerable Software and Affected Versions Industrial Edge Management versions prior to V1.5.1

Description A vulnerability has been identified in the affected software where it does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

Recommendations For versions prior to V1.5.1, update to version V1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting TLS connections to trusted servers or implementing additional validation mechanisms for server certificates until a patch is available.