Siemens SiPass Integrated Products Improper Firmware Update Integrity Check Vulnerability

Vulnerability

A vulnerability exists in Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP devices, all versions, due to improper integrity checks of firmware updates. This flaw enables local attackers to upload maliciously modified firmware. Additionally, remote attackers could intercept and alter firmware being transferred from the server to the device.

Impact

Exploitation allows the upload of malicious firmware, which could be used to compromise the device's functionality or security.

Remediation

Siemens recommends enabling TLS for communications between servers and affected devices to prevent interception and modification of firmware updates. This guidance is applicable to both the AC5102 (ACC-G2) and ACC-AP products.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 3.1
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.