Primary

Context

Siemens SiPass Integrated Privilege Escalation Vulnerability in Telnet CLI

Vulnerability

Patched

A vulnerability exists in Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP, all versions prior to 6.4.9. The issue arises because the devices do not properly sanitize user input for certain commands in the telnet command line interface. This flaw could enable an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an authenticated local administrator to execute commands with root privileges on the affected device.

Remediation

Siemens has released version 6.4.9 for both affected products. Users are advised to update to this version. Additionally, it is recommended to set a strong, individual password for the administrator account.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

3.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

3.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SiPass Integrated Privilege Escalation Vulnerability in Telnet CLI

Vulnerability

Impact

Remediation

Affected Products

Siemens SiPass integrated AC5102

Siemens SiPass integrated ACC-AP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating