Siemens SiPass Integrated
Act Now | CVSS 9.1 | ICS-CERT ICSA-25-051-04 | Feb 17, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SiPass integrated is affected by a directory traversal vulnerability in the third-party DotNetZip component. An attacker with high privileges could craft a malicious backup file that, when restored through the Configuration Client, allows arbitrary code execution on the application server. This could compromise the access control system. Siemens has released patched versions for both V2.90 (2.90.3.19 or later) and V2.95 (2.95.3.15 or later).
What this means
What could happen
An attacker with high privileges could upload a malicious backup file and trigger arbitrary code execution on the SiPass application server during a restore operation, potentially compromising access control system operations or data integrity.
Who's at risk
This affects organizations using SiPass integrated physical access control systems, particularly sites that rely on automated backup/restore procedures or outsource backup management. Security managers, facility operations staff, and IT administrators responsible for access control system maintenance should prioritize this update.
How it could be exploited
An attacker with administrative or high-privilege access crafts a backup file containing path traversal payloads that exploit the DotNetZip component vulnerability. When this malicious backup is imported via the SiPass Configuration Client and a restore is initiated, the application extracts files outside the intended directory, allowing code execution on the server.
Prerequisites
- High-privilege or administrative access to the SiPass Configuration Client
- Ability to upload or provide a specially crafted backup file to a trusted user
- System configured to perform a restore operation from an attacker-supplied backup
- high CVSS severity (9.1)
- low authentication barrier for insiders or compromised admins
- affects critical access control infrastructure
- directory traversal enables arbitrary file extraction
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SiPass integrated V2.90 | <V2.90.3.19 | 2.90.3.19 |
| SiPass integrated V2.95 | <V2.95.3.15 | 2.95.3.15 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict restore operations to only trusted persons and explicitly authorize who can initiate restore via the Configuration Client
- WORKAROUND: Implement a policy requiring backup files to come only from known, trusted sources and implement file integrity verification before restore
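A pre-restore check that combines the file integrity verification named in the workaround with a scan for the traversal entries described under "How it could be exploited". This is an added example, not Siemens code. It assumes the backup is a standard ZIP container and that a SHA-256 digest was recorded when the backup was created; the function names and sample archives are constructed for illustration.

```python
import hashlib
import hmac
import io
import re
import zipfile

DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive prefix such as C:

def traversal_entries(data: bytes) -> list[str]:
    """Entry names that would land outside the extraction directory."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # orig_filename is the name as stored in the archive; treat "\"
            # as a separator because the restore runs on a Windows server.
            name = info.orig_filename.replace("\\", "/")
            if name.startswith("/") or DRIVE.match(name) or ".." in name.split("/"):
                flagged.append(info.orig_filename)
    return flagged

def check_backup(data: bytes, recorded_sha256: str) -> list[str]:
    """Reasons to refuse the restore; an empty list means both checks passed."""
    reasons = []
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, recorded_sha256.lower()):
        reasons.append("sha256 mismatch: file differs from the recorded backup")
    try:
        for name in traversal_entries(data):
            reasons.append(f"entry escapes extraction root: {name!r}")
    except zipfile.BadZipFile:
        reasons.append("not a readable ZIP archive")
    return reasons

def make_zip(names):
    # Builds constructed sample archives in memory (no real backup data).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()

GOOD = make_zip(["config/site.xml", "db/export.bak"])
BAD = make_zip(["config/site.xml", "..\\..\\inetpub\\x.txt", "../y.txt"])

if __name__ == "__main__":
    good_hash = hashlib.sha256(GOOD).hexdigest()
    print(check_backup(GOOD, good_hash))  # passes both checks
    print(check_backup(BAD, good_hash))   # digest mismatch plus flagged entries
```

A matching digest only shows the file is unchanged since the digest was recorded, so the digest should be stored separately from the backup file itself.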
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SiPass integrated V2.90
- HOTFIX: Update SiPass integrated V2.90 to version 2.90.3.19 or later
SiPass integrated V2.95
- HOTFIX: Update SiPass integrated V2.95 to version 2.95.3.15 or later
Long-term hardening
- HARDENING: Place SiPass application servers behind firewalls and isolate from business networks; disable internet-accessible administrative interfaces
- HARDENING: Implement network segmentation to restrict access to the SiPass Configuration Client to authorized administrative workstations only
CVEs (1)