SiRcom SMART Alert Missing Authentication Vulnerability Allowing Unauthorized Access to Backend APIs
Vulnerability
A vulnerability in SiRcom SMART Alert (SiSA) version 3.0.48 allows unauthorized access to backend APIs: an unauthenticated attacker can bypass the login screen and reach restricted areas of the application. Because these critical functions lack authentication, the flaw could lead to unauthorized manipulation of emergency sirens.
Impact
Exploitation of this vulnerability could allow an attacker to remotely activate or control emergency sirens.
Remediation
SiRcom has not responded to CISA's request for coordination. Contact SiRcom through their contact page for more information. CISA recommends minimizing network exposure for control system devices, locating them behind firewalls, and using secure remote access methods like VPNs. Organizations should also perform impact analysis and risk assessment before deploying defensive measures.
