Siemens SiPass Integrated
Plan Patch | CVSS 9.1 | ICS-CERT ICSA-25-051-04 | Feb 17, 2025
Siemens
Attack path
- Attack Vector: Network
- Auth Required: High
- Complexity: Low
- User Interaction: None needed
Summary
SiPass integrated contains a directory traversal vulnerability in the third-party component DotNetZip. An attacker could execute arbitrary code on the application server if a specially crafted backup set is used during a restore operation.
What this means
What could happen
An attacker with access to the backup restore function could upload a malicious backup file to execute arbitrary code on the SiPass integrated server, potentially compromising access control system operations and the security of facilities relying on SiPass for badge access and authentication.
Who's at risk
Organizations operating Siemens SiPass integrated access control systems, particularly in building security, government facilities, and critical infrastructure sectors that rely on integrated badge access and authentication. The risk is highest for facilities where backup restore operations are performed or where the Configuration Client is exposed to less-trusted personnel.
How it could be exploited
An attacker with the ability to initiate a restore operation (or trick an authorized person into doing so) uploads a specially crafted backup file. When the server processes the backup during restore, the directory traversal in DotNetZip allows code execution on the application server.
Prerequisites
- Access to the Configuration Client interface with restore permissions
- Ability to provide a malicious backup file to an authorized restore operator, or direct access to initiate a restore
- High CVSS severity (9.1)
- Remotely exploitable if Configuration Client is network-accessible
- Requires high privilege (authorized restore operator) but impact is critical
- Directory traversal allows arbitrary code execution
Exploitability
Some exploitation risk — EPSS score 2.3%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SiPass integrated V2.90 | <V2.90.3.19 | 2.90.3.19 |
| SiPass integrated V2.95 | <V2.95.3.15 | 2.95.3.15 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict Configuration Client restore access to only trusted personnel with documented authorization
- WORKAROUND: Implement a change control process requiring verification that backup files come from trusted sources before initiating any restore operation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SiPass integrated V2.90
- HOTFIX: Update SiPass integrated V2.90 to version 2.90.3.19 or later
SiPass integrated V2.95
- HOTFIX: Update SiPass integrated V2.95 to version 2.95.3.15 or later
Long-term hardening
- HARDENING: Isolate the SiPass integrated server from the internet and restrict network access from business networks
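As a supplement to the change-control workaround above, a backup file can be inspected for entry names that would resolve outside the restore directory before anyone starts a restore. The following is an added example, not Siemens or DotNetZip code; it assumes the backup set is a ZIP container (the advisory does not describe the format), and the names `unsafe_reason`, `audit_backup` and `constructed_sample` are hypothetical.

```python
import io
import re
import zipfile

# Assumption: the backup set is a ZIP container. The advisory names DotNetZip
# as the affected component but does not document the backup format.
_DRIVE = re.compile(r"^[A-Za-z]:")

def unsafe_reason(name):
    """Return why an entry name could escape the restore directory, or None."""
    norm = name.replace("\\", "/")  # Windows extractors accept both separators
    if norm.startswith("/"):
        return "absolute or UNC path"
    if _DRIVE.match(norm):
        return "drive-letter path"
    depth = 0  # directory depth relative to the extraction root
    for part in norm.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the extraction root
                return "parent-directory traversal"
        else:
            depth += 1
    return None

def audit_backup(source):
    """Return [(entry, reason)] for suspicious entries; source is a path or file object."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            reason = unsafe_reason(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings

def constructed_sample():
    """Constructed in-memory archive: two ordinary entries and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("data/config.xml", b"<cfg/>")
        zf.writestr("data/./logs/audit.txt", b"ok")
        zf.writestr("data/../../outside.txt", b"x")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for entry, reason in audit_backup(constructed_sample()):
        print(f"REJECT {entry}: {reason}")
```

An empty result from `audit_backup` only means no entry name escapes the extraction root; it does not replace verifying the file's source or applying the hotfix.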
CVEs (1)