Skip to main content
CybersecurityInfrastructure

Siemens SiPass Integrated AC5102/ACC-G2 and ACC-AP Overview

Siemens SiPass Integrated AC5102/ACC-G2 and ACC-AP Overview

1. EXECUTIVE SUMMARY

  • CVSS v4 9.4
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP
  • Vulnerabilities: Missing Authentication for Critical Function, Improper Input Validation

2. RISK EVALUATION

The vulnerabilities identified in the Siemens SiPass integrated AC5102 and ACC-AP systems pose significant risks. Successful exploitation could allow an attacker to execute commands on the device with root privileges, potentially leading to unauthorized access to sensitive data. This level of access can compromise the integrity and confidentiality of critical infrastructure systems, making it imperative for organizations to address these vulnerabilities promptly.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens has confirmed that the following products are affected by the identified vulnerabilities:

  • Siemens SiPass integrated AC5102 (ACC-G2): All versions prior to V6.4.8 (CVE-2024-52285)
  • Siemens SiPass integrated AC5102 (ACC-G2): All versions prior to V6.4.9 (CVE-2025-27493, CVE-2025-27494)
  • Siemens SiPass integrated ACC-AP: All versions prior to V6.4.8 (CVE-2024-52285)
  • Siemens SiPass integrated ACC-AP: All versions prior to V6.4.9 (CVE-2025-27493, CVE-2025-27494)

3.2 VULNERABILITY OVERVIEW

3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected devices expose several MQTT URLs without authentication, allowing unauthenticated remote attackers to access sensitive data. This vulnerability is documented as CVE-2024-52285, with a CVSS v3 base score of 5.3 and a CVSS v4 score of 6.9.

3.2.2 IMPROPER INPUT VALIDATION CWE-20

This vulnerability arises from improper sanitization of user input for specific commands on the telnet command line interface. An authenticated local administrator could escalate privileges by injecting arbitrary commands executed with root privileges. This is documented as CVE-2025-27493, with a CVSS v3 base score of 8.2 and a CVSS v4 score of 9.3.

3.2.3 IMPROPER INPUT VALIDATION CWE-20

Similar to the previous vulnerability, this issue involves improper input sanitization for the pubkey endpoint of the REST API. An authenticated remote administrator could escalate privileges by injecting arbitrary commands executed with root privileges. This vulnerability is documented as CVE-2025-27494, with a CVSS v3 base score of 9.1 and a CVSS v4 score of 9.4.

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

The vulnerabilities were reported to Siemens by Airbus Security, highlighting the importance of collaboration between private sector entities in identifying and mitigating security risks.

4. MITIGATIONS

To mitigate the risks associated with these vulnerabilities, Siemens recommends the following actions:

  • Update to V6.4.8 or later version: This applies to both the SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP to address CVE-2024-52285.
  • Set a strong password for the administrator account “SIEMENS”: This is crucial for mitigating risks associated with CVE-2025-27493 and CVE-2025-27494.
  • Update to V6.4.9 or later version: This is necessary for both devices to address CVE-2025-27493 and CVE-2025-27494.

Siemens also advises implementing general security measures to protect network access to devices, including configuring the environment according to Siemens’ operational guidelines for industrial security.

For further information, users can refer to the associated Siemens security advisory SSA-515903 available in both HTML and CSAF formats.

5. CISA RECOMMENDATIONS

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities:

  • Minimize network exposure: Ensure that all control system devices are not accessible from the internet.
  • Isolate control system networks: Place control system networks and remote devices behind firewalls, separating them from business networks.
  • Use secure remote access methods: When remote access is necessary, utilize Virtual Private Networks (VPNs) while being aware of their potential