Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings within the open Industrial Edge ecosystem. See further details about affected Industrial Edge Devices in the Additional Information section. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
https://cert-portal.siemens.com/productcert/html/ssa-819629.html