CVE-2022-40147
First published: Tue Oct 11 2022(Updated: )
A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Industrial Edge Management | <1.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-40147?
CVE-2022-40147 is a vulnerability identified in Siemens Industrial Edge Management software versions prior to 1.5.1.
What is the severity of CVE-2022-40147?
CVE-2022-40147 has a severity rating of 7.4 (High).
How does CVE-2022-40147 affect Siemens Industrial Edge Management software?
CVE-2022-40147 allows an attacker to spoof a trusted entity by interfering in the communication path between the software and the server due to improper validation of the server certificate.
How can I fix CVE-2022-40147?
To fix CVE-2022-40147, users should update their Siemens Industrial Edge Management software to version 1.5.1 or newer.
Where can I find more information about CVE-2022-40147?
More information about CVE-2022-40147 can be found in the Siemens ProductCERT advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-649853.pdf
- collector/nvd-index
- vendor/siemens
- canonical/siemens industrial edge management