CVE-2022-40147
https://notcve.org/view.php?id=CVE-2022-40147
A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. • https://cert-portal.siemens.com/productcert/pdf/ssa-649853.pdf • CWE-295: Improper Certificate Validation
CVE-2021-37184
https://notcve.org/view.php?id=CVE-2021-37184
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this, an attacker could impersonate any valid user on an affected system. • https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf • CWE-639: Authorization Bypass Through User-Controlled Key