Detections
Analytics
Siemens Industrial Edge Devices Weak Authentication (CVE-2024-54092)
critical Tenable OT Security Plugin ID 503757
Synopsis
The remote OT asset is affected by a vulnerability.Description
Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- SCALANCE LPE9413 (6GK5998-3GS01-2AC2), SIMATIC IPC427E Industrial Edge Device: Currently no fix is available
- Industrial Edge Virtual Device: Update to V1.21.1-1-a or later version
- Industrial Edge Own Device (IEOD): Update to V1.21.1-1-a or later version
- SIMATIC IPC BX-39A Industrial Edge Device, SIMATIC IPC BX-59A Industrial Edge Device, SIMATIC IPC127E Industrial Edge Device, SIMATIC IPC227E Industrial Edge Device, SIMATIC IPC847E Industrial Edge Device: Update to V3.0 or later version
- Ensure network access to affected products is limited to trusted parties only
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-634640 in HTML and CSAF.
See Also
https://cert-portal.siemens.com/productcert/html/ssa-634640.html
https://cert-portal.siemens.com/productcert/html/ssa-819629.html
http://www.nessus.org/u?c7aafe16
https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-04
Plugin Details
Severity: Critical
ID: 503757
File Name: tenable_ot_siemens_CVE-2024-54092.nasl
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 10/28/2025
Updated: 2/14/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:siemens:scalance_lpe9413_firmware:1.21.1
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 4/8/2025
Vulnerability Publication Date: 4/8/2025
Reference Information
CVE: CVE-2024-54092
CWE: 1390