Primary

Context

Siemens SiPass Integrated Products Missing Authentication Vulnerability Allowing Unauthenticated Access to Sensitive Data

Vulnerability

Patched

A vulnerability exists in Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP, all versions prior to V6.4.8. The vulnerability arises because affected devices expose several MQTT URLs without authentication, potentially allowing an unauthenticated remote attacker to access sensitive data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data via the exposed MQTT URLs.

Remediation

Siemens has released version V6.4.8 for both SiPass integrated AC5102 (ACC-G2) and ACC-AP. Users are advised to update to this version. For general security, it is recommended to protect network access to affected products with appropriate measures and to follow recommended security practices to maintain a secure IT environment.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SiPass Integrated Products Missing Authentication Vulnerability Allowing Unauthenticated Access to Sensitive Data

Vulnerability

Impact

Remediation

Affected Products

Siemens SiPass integrated AC5102

Siemens SiPass integrated ACC-AP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating