OTPulse
FeedAboutContact

Siemens SiPass Integrated

Plan Patch7.5ICS-CERT ICSA-23-194-02Jul 11, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability in message handling. An unauthenticated remote attacker can send a crafted message to crash the server application, causing denial of service and interruption of access control operations. The vulnerability has a CVSS score of 7.5 (high severity) but is not actively exploited in the wild and has a low exploit probability of 0.4%.

What this means
What could happen
An unauthenticated attacker can crash the SiPass integrated server by sending a specially crafted network message, interrupting access control and badge reader operations until the service is manually restarted.
Who's at risk
Physical access control operations at any organization running SiPass integrated. This includes badge reader systems, door lock controllers, and access permission databases. Affected sectors include utilities, critical infrastructure, commercial buildings, and campuses where SiPass manages who can enter facilities.
How it could be exploited
An attacker on the network sends a malformed message to the SiPass integrated server that triggers a stack overflow in the application. The server crashes, causing a denial of service. No credentials are required, and the attacker does not need to be authenticated to the system.
Prerequisites
  • Network reachability to the SiPass integrated server port
  • No authentication or credentials required
  • Ability to send crafted network packets
remotely exploitableno authentication requiredlow complexityaffects access control and physical security operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
SiPass integrated<V2.90.3.82.90.3.8
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict network access to the SiPass integrated server using firewall rules; ensure the device is not accessible from the Internet
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SiPass integrated to version 2.90.3.8 or later
Long-term hardening
0/2
HARDENINGIsolate the access control system network from business networks using firewalls and network segmentation
HARDENINGIf remote access to SiPass is required, use a VPN or other secure tunnel and ensure it is kept up to date
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/34f59092-b935-4e88-95be-ca46e39d59e2