Details of VAR-202501-1356

ID

VAR-202501-1356

CVE

CVE-2024-45385

TITLE

Siemens Industrial Edge Management Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-01696

DESCRIPTION

A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Industrial Edge represents an open, ready-to-use edge computing platform consisting of edge devices, edge applications, edge connectivity, and application and device management infrastructure. Siemens Industrial Edge Management has a cross-site scripting vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies

Trust: 1.44

sources: NVD: CVE-2024-45385 // CNVD: CNVD-2025-01696

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-01696

AFFECTED PRODUCTS

vendor:

siemens

model:

industrial edge management os

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-01696

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-45385
value:	LOW
Trust: 1.0
CNVD:	CNVD-2025-01696
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-01696
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2024-45385
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-01696 // NVD: CVE-2024-45385

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2024-45385

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45385	Trust: 1.6
db:	SIEMENS	id:	SSA-416411	Trust: 1.6
db:	CNVD	id:	CNVD-2025-01696	Trust: 0.6

sources: CNVD: CNVD-2025-01696 // NVD: CVE-2024-45385

REFERENCES

url:

https://cert-portal.siemens.com/productcert/html/ssa-416411.html

Trust: 1.6

sources: CNVD: CNVD-2025-01696 // NVD: CVE-2024-45385

SOURCES

db:	CNVD	id:	CNVD-2025-01696
db:	NVD	id:	CVE-2024-45385

LAST UPDATE DATE

2025-01-19T19:26:58.813000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-01696	date:	2025-01-17T00:00:00
db:	NVD	id:	CVE-2024-45385	date:	2025-01-14T11:15:15.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-01696	date:	2025-01-17T00:00:00
db:	NVD	id:	CVE-2024-45385	date:	2025-01-14T11:15:15.750