Siemens SiPass Integrated Broken Access Control Vulnerability Allowing Data Manipulation

Vulnerability

A broken access control vulnerability has been identified in Siemens SiPass Integrated, all versions prior to 3.0. The vulnerability arises from an inadequate authorization mechanism that fails to implement sufficient server-side checks. This flaw allows an attacker to execute specific API requests, potentially leading to unauthorized manipulation of data belonging to other users.

Impact

Exploitation of this vulnerability could result in unauthorized data manipulation, affecting other users' information within the application.

Remediation

Users are advised to update to SiPass Integrated version 3.0 or later. For more information, visit the Siemens Support page.

Added: Oct 14, 2025, 10:20 AM
Updated: Oct 14, 2025, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 4.5
remediation: 7.9
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.