CVE-2026-33892
Published: 14 April 2026
Summary
CVE-2026-33892 is a high-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133); ranked at the 23.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-17 requires authorization and strong authentication mechanisms for remote access, directly preventing unauthenticated remote connections and impersonation in Industrial Edge Management systems.
MA-4 mandates strong authenticators and approval for nonlocal maintenance sessions, mitigating authentication bypass on remote device tunneling connections.
AC-3 enforces approved access control policies including authentication, addressing the core failure to enforce user authentication on remote connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The auth bypass on remote device connections directly enables unauthenticated access to external remote services (T1133). The network-accessible management system vulnerability also facilitates exploitation of a public-facing application for initial access (T1190).
NVD Description
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management…
more
systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.
Deeper analysisAI
CVE-2026-33892 is a vulnerability in Siemens Industrial Edge Management Pro V1 (all versions >= V1.7.6 and < V1.15.17), Industrial Edge Management Pro V2 (all versions >= V2.0.0 and < V2.1.1), and Industrial Edge Management Virtual (all versions >= V2.2.0 and < V2.8.0). The issue stems from affected management systems failing to properly enforce user authentication on remote connections to devices, as classified under CWE-305 (Authentication Bypass by Primary Weakness). It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility and scope change despite requiring user interaction.
An unauthenticated remote attacker can exploit this vulnerability by identifying the specific header and port used for remote connections to devices, provided the remote connection feature is enabled on the target device. Successful exploitation enables the attacker to circumvent authentication, impersonate a legitimate user, and establish a tunnel to the device. However, this does not bypass security features inherent to the device itself, such as app-specific authentication.
For mitigation details, security practitioners should refer to the Siemens Security Advisory at https://cert-portal.siemens.com/productcert/html/ssa-609469.html, which provides guidance on patches and workarounds for the affected versions.
Details
- CWE(s)