Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Authorization bypass vulnerability in Siemens Industrial Edge Devices, Patch Immediately!
Image
Published : 14/01/2026
* Last update: 14/01/2026
* Affected products:
→ Industrial Edge Cloud Device (IECD) < V1.24.2
→ Industrial Edge Own Device (IEOD) < V1.24.2
→ Industrial Edge Virtual Device (IEVD) < V1.24.2
→ SCALANCE LPE9413 (6GK5998-3GS01-2AC2) < V2.2
→ SCALANCE LPE9433 (6GK5998-3GS11-2AC2) < V2.2
→ SIMATIC IOT2050 (6ES7647-0BA00-1YA2) < V1.25.1
→ SIMATIC IPC BX-39A Industrial Edge Device < V3.1
→ SIMATIC IPC BX-59A Industrial Edge Device < V3.1
→ SIMATIC IPC127E Industrial Edge Device < V3.1
→ SIMATIC IPC227E Industrial Edge Device < V3.1
→ SIMATIC IPC227G Industrial Edge Device < V3.1
→ SIMATIC IPC427E Industrial Edge Device < V3.1
→ SIMATIC IPC847E Industrial Edge Device < V3.1* Type: Authorization Bypass Through User-Controlled Key
* CVE/CVSS:
- CVE-2025-40805: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
Siemens-CERT - https://cert-portal.siemens.com/productcert/html/ssa-001536.html
Risks
CVE-2025-40805 is an authorization bypass vulnerability where an attacker can circumvent authentication and impersonate a legitimate user. This could lead to attackers performing unauthorized actions on interconnected devices.
Industrial edge devices operate at the network perimeter and manage extensive inbound and outbound connections, making them highly exposed. If compromised, an attacker could gain broad access, potentially leading to full system compromise.
Affected instances that are publicly exposed and not patched are at critical risk of a high impact on the confidentiality, integrity and availability.
Description
CVE-2025-40805 is a critical authorization bypass vulnerability that exists on affected devices that do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.
Successful exploitation of this vulnerability requires that the attacker has learned the identity of a legitimate user.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.