PT-2025-15395 · Siemens · Scalance Lpe9413 +9

Published: 2025-04-08 · Updated: 2025-04-09 · CVE-2024-54092

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Industrial Edge Device Kit - arm64 versions V1.17 through V1.20.2-1, V1.21 versions prior to V1.21.1-1
Industrial Edge Device Kit - x86-64 versions V1.17 through V1.20.2-1, V1.21 versions prior to V1.21.1-1
Industrial Edge Own Device (IEOD) versions prior to V1.21.1-1-a
Industrial Edge Virtual Device versions prior to V1.21.1-1-a
SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (all versions)
SIMATIC IPC BX-39A Industrial Edge Device versions prior to V3.0
SIMATIC IPC BX-59A Industrial Edge Device versions prior to V3.0
SIMATIC IPC127E Industrial Edge Device versions prior to V3.0
SIMATIC IPC227E Industrial Edge Device versions prior to V3.0
SIMATIC IPC427E Industrial Edge Device versions prior to V3.0
SIMATIC IPC847E Industrial Edge Device versions prior to V3.0

Description: The affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently in use or has previously been used, and that the attacker has learned the identity of a legitimate user.

Recommendations:

For Industrial Edge Device Kit - arm64 versions V1.17 through V1.20.2-1, update to version V1.20.2-1 or later.
For Industrial Edge Device Kit - arm64 version V1.21, update to version V1.21.1-1 or later.
For Industrial Edge Device Kit - x86-64 versions V1.17 through V1.20.2-1, update to version V1.20.2-1 or later.
For Industrial Edge Device Kit - x86-64 version V1.21, update to version V1.21.1-1 or later.
For Industrial Edge Own Device (IEOD) versions prior to V1.21.1-1-a, update to version V1.21.1-1-a or later.
For Industrial Edge Virtual Device versions prior to V1.21.1-1-a, update to version V1.21.1-1-a or later.
For SCALANCE LPE9413 (6GK5998-3GS01-2AC2), contact the vendor for a fix.
For SIMATIC IPC BX-39A Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.
For SIMATIC IPC BX-59A Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.
For SIMATIC IPC127E Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.
For SIMATIC IPC227E Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.
For SIMATIC IPC427E Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.
For SIMATIC IPC847E Industrial Edge Device versions prior to V3.0, update to version V3.0 or later.

Related Identifiers

BDU:2025-04022
CVE-2024-54092

Affected Products

Industrial Edge Device Kit
Industrial Edge Own Device
Industrial Edge Virtual Device
Scalance Lpe9413
Simatic Ipc Bx-39A Industrial Edge Device
Simatic Ipc Bx-59A Industrial Edge Device
Simatic Ipc127E Industrial Edge Device
Simatic Ipc227E Industrial Edge Device
Simatic Ipc427E Industrial Edge Device
Simatic Ipc847E Industrial Edge Device