Summary: Siemens has issued a security advisory regarding multiple vulnerabilities in its SiPass integrated access control systems. These vulnerabilities could enable attackers to execute commands with root privileges and access sensitive data. Customers are urged to update to the latest product versions to mitigate risks.
Affected: SiPass integrated AC5102 (ACC-G2) and ACC-AP
Keypoints :
- Vulnerabilities allow execution of commands with root privileges and access to sensitive data.
- CVE-2024-52285: 5.3, CVE-2025-27493: 8.2, and CVE-2025-27494: 9.1 assigned CVSS v3.1 base scores.
- Most serious vulnerability, CVE-2025-27494, allows privilege escalation through command injection.
- Customers advised to set strong passwords for administrator accounts and secure network access.
- Immediate updates to the latest product versions are strongly recommended to minimize risks.