Vulnerabilites related to Siemens - SiPass integrated AC5102 (ACC-G2)
cve-2022-31808
Vulnerability from cvelistv5
Published
2023-02-14 10:36
Modified
2025-03-20 20:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface.
This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SiPass integrated AC5102 (ACC-G2) |
Version: All versions < V2.85.44 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:01.373Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-31808", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T20:14:00.542637Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T20:14:08.699Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SiPass integrated AC5102 (ACC-G2)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.85.44", }, ], }, { defaultStatus: "unknown", product: "SiPass integrated ACC-AP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.85.43", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface.\r\n\r\nThis could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T09:24:44.436Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-31808", datePublished: "2023-02-14T10:36:07.859Z", dateReserved: "2022-05-30T10:21:52.587Z", dateUpdated: "2025-03-20T20:14:08.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27493
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:23
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
9.3 (Critical) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS score ?
Summary
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SiPass integrated AC5102 (ACC-G2) |
Version: 0 < V6.4.9 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27493", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:22:51.045899Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:23:01.779Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SiPass integrated AC5102 (ACC-G2)", vendor: "Siemens", versions: [ { lessThan: "V6.4.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SiPass integrated ACC-AP", vendor: "Siemens", versions: [ { lessThan: "V6.4.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 9.3, baseSeverity: "CRITICAL", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:32.888Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-515903.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-27493", datePublished: "2025-03-11T09:48:32.888Z", dateReserved: "2025-02-26T18:05:35.964Z", dateUpdated: "2025-03-11T13:23:01.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27494
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:21
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS score ?
Summary
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SiPass integrated AC5102 (ACC-G2) |
Version: 0 < V6.4.9 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27494", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:19:43.283419Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:21:07.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SiPass integrated AC5102 (ACC-G2)", vendor: "Siemens", versions: [ { lessThan: "V6.4.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SiPass integrated ACC-AP", vendor: "Siemens", versions: [ { lessThan: "V6.4.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:34.182Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-515903.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-27494", datePublished: "2025-03-11T09:48:34.182Z", dateReserved: "2025-02-26T18:05:35.964Z", dateUpdated: "2025-03-11T13:21:07.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52285
Vulnerability from cvelistv5
Published
2025-03-11 09:47
Modified
2025-03-11 14:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SiPass integrated AC5102 (ACC-G2) |
Version: 0 < V6.4.8 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52285", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:07:20.675372Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:07:41.226Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SiPass integrated AC5102 (ACC-G2)", vendor: "Siemens", versions: [ { lessThan: "V6.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SiPass integrated ACC-AP", vendor: "Siemens", versions: [ { lessThan: "V6.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { cvssV4_0: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:47:58.676Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-515903.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52285", datePublished: "2025-03-11T09:47:58.676Z", dateReserved: "2024-11-06T14:56:21.337Z", dateUpdated: "2025-03-11T14:07:41.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }