Siemens SiPass integrated

Act Now9.8ICS-CERT ICSA-17-194-01Jul 13, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple authentication bypass and improper authorization vulnerabilities exist in SiPass integrated versions below 2.70. An attacker on the network can exploit weak authentication validation (CWE-287), improper authorization (CWE-269), missing encryption (CWE-300), and exposed credentials (CWE-257) to gain unauthorized administrative access to the access control system without valid credentials. This allows modification of user accounts, disabling of access controls, and viewing of security logs and facility entry records.

What this means

What could happen

An attacker without credentials can remotely access SiPass integrated authentication systems and bypass security controls, potentially allowing unauthorized entry to secure facilities and compromising physical security operations.

Who's at risk

Physical security teams and facility managers operating SiPass integrated access control systems. This affects any organization using Siemens SiPass integrated for building entry, badging, or facility access control—including water authorities, utilities, government offices, and critical infrastructure sites.

How it could be exploited

An attacker on the network sends crafted requests to the SiPass integrated system (port typically 443 for web interface or native protocol). Due to weak or missing authentication validation (CWE-287, CWE-269), the attacker gains administrative access without valid credentials and can modify user accounts, disable access controls, or view security logs.

Prerequisites

Network connectivity to SiPass integrated system
No valid user credentials required
Network access to the web interface or management port

Remotely exploitableNo authentication requiredLow complexity to exploitNo patch available for older versionsAffects physical security and access controlCVSS 9.8 (critical)

Exploitability

Moderate exploit probability (EPSS 2.1%)

Affected products (1)

ProductAffected VersionsFix Status

SiPass integrated: All< 2.702.70

Remediation & Mitigation

0/4

Do now

0/3

HOTFIXUpdate SiPass integrated to version 2.70 or later

HARDENINGIsolate SiPass integrated systems from untrusted networks using firewall rules; restrict access to the management interface to authorized engineering workstations and offices only

WORKAROUNDAudit user accounts and access logs for unauthorized changes or access attempts

Long-term hardening

0/1

HARDENINGImplement network segmentation to separate access control systems from general IT networks

CVEs (4)

CVE-2017-9939 CVE-2017-9940 CVE-2017-9941 CVE-2017-9942

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a10e2725-13c9-4165-91f8-02fd3d31de46