OTPulse

Siemens SiPass Server Buffer Overflow

Act Now · ICS-CERT ICSA-12-305-01 · Aug 4, 2012
Summary

A buffer overflow vulnerability exists in Siemens SiPass integrated access control systems in version MP2.6 and earlier. The vulnerability allows remote code execution via specially crafted network messages sent to the SiPass Server. Successful exploitation could allow an attacker to run arbitrary commands with the privileges of the SiPass service, potentially compromising physical access controls. No patch is currently available from Siemens.

What this means
What could happen
A buffer overflow in SiPass Server could allow an attacker to execute arbitrary code on the access control system, potentially disabling or manipulating physical access controls at your facility.
Who's at risk
This affects organizations using Siemens SiPass integrated access control systems (version MP2.6 and earlier). Security and facilities teams managing physical access to critical infrastructure should be concerned, as well as IT personnel responsible for OT network security.
How it could be exploited
An attacker with network access to the SiPass Server could send a specially crafted message to trigger the buffer overflow, allowing them to execute commands with the privileges of the SiPass service account. This could be done remotely if the server is exposed to the network or accessible from a compromised workstation.
Prerequisites
  • Network access to SiPass Server (likely port 443 or internal network access)
  • Ability to send crafted packets to the vulnerable SiPass service
remotely exploitable · buffer overflow vulnerability (memory corruption) · no patch available · high EPSS score (35.4%)
Exploitability
High exploit probability (EPSS 35.4%)
Affected products (1)
Product | Affected Versions | Fix Status
SiPass integrated: <=MP2.6 | ≤ MP2.6 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate SiPass Server from untrusted networks using firewall rules; restrict access to authorized engineering workstations and management systems only
  • WORKAROUND: Disable remote access to SiPass Server if not required for operations; use VPN or out-of-band management channels if remote administration is necessary
Mitigations - no patch available
SiPass integrated: <=MP2.6 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to separate access control systems from general IT infrastructure and guest networks
  • HARDENING: Monitor SiPass Server logs and network traffic for unusual connection attempts or malformed requests
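An added example (not part of the advisory or any Siemens tooling) of the isolation and monitoring controls above: it audits firewall connection records for traffic reaching the SiPass Server from sources outside the authorized list. The addresses, log format and threshold are assumptions; port 443 in the constructed sample reflects the port the advisory lists as likely.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; none of these come from the advisory.
SIPASS_SERVER = ipaddress.ip_address("10.20.0.10")
AUTHORIZED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.21/32")]
REPEAT_THRESHOLD = 3  # unauthorized attempts from one source before escalating

# Constructed firewall records: timestamp, source, destination, port, action.
SAMPLE_LOG = """\
2024-01-10T08:00:01 10.20.0.5 10.20.0.10 443 ALLOW
2024-01-10T08:02:13 10.20.5.21 10.20.0.10 443 ALLOW
2024-01-10T08:05:40 192.168.50.7 10.20.0.10 443 ALLOW
2024-01-10T08:06:02 172.16.9.4 10.20.0.10 443 DENY
2024-01-10T08:06:03 172.16.9.4 10.20.0.10 443 DENY
2024-01-10T08:06:04 172.16.9.4 10.20.0.10 443 DENY
2024-01-10T08:07:00 10.20.0.5 10.20.0.99 443 ALLOW
garbage line
"""


def is_authorized(src):
    return any(src in net for net in AUTHORIZED_SOURCES)


def audit(log_text):
    """Return (findings, repeat_sources) for traffic aimed at the SiPass Server."""
    findings, per_source = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ts, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            findings.append(("malformed-record", line))  # keep for manual review
            continue
        if dst != SIPASS_SERVER or is_authorized(src):
            continue
        per_source[src] += 1
        # ALLOW from an unlisted source means the isolation rule has a gap;
        # DENY means the rule held but someone is probing the server.
        kind = "policy-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append((kind, f"{ts} {src} -> {dst}:{dport}"))
    repeat = sorted(str(s) for s, n in per_source.items() if n >= REPEAT_THRESHOLD)
    return findings, repeat


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG)[0]:
        print(kind, detail)
```

A "policy-gap" finding is the one to act on first, since it shows the firewall rule set still lets an unlisted host reach the unpatched server.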