Siemens SiPass Integrated Privilege Escalation Vulnerability in REST API and Telnet Interface

A vulnerability exists in Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP, all versions prior to 6.4.9. The issue arises because affected devices do not properly sanitize input for the pubkey endpoint of the REST API, allowing an authenticated remote administrator to inject arbitrary commands that are executed with root privileges. Additionally, a similar input validation flaw has been identified in the telnet command line interface, where an authenticated local administrator could also escalate privileges by injecting commands that are executed with root rights.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to execute commands with root privileges on the affected device.

Remediation

Users are advised to update to the latest versions of the affected products. For SiPass integrated AC5102 (ACC-G2) and ACC-AP, specific product remediations can be found in the Siemens Security Advisory SSA-515903. Additionally, it is recommended to set a strong password for the administrator account.