Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP

Plan Patch | CVSS 9.1 | ICS-CERT ICSA-25-072-04 | Mar 11, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

SiPass integrated ACC (Advanced Central Controller) devices contain multiple vulnerabilities in authentication and input validation (CWE-306, CWE-20) that could allow attackers with high-level network access to execute arbitrary commands with root privileges and access sensitive data. Affected versions: SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP firmware versions below 6.4.8 and 6.4.9. Vulnerabilities include CVE-2024-52285 (command execution), CVE-2025-27493 (authentication bypass), and CVE-2025-27494 (weak authentication). Siemens has released patched versions 6.4.8 and 6.4.9 addressing these issues.

What this means
What could happen
An attacker with high privileges on your network could execute arbitrary commands as root on SiPass ACC devices, potentially manipulating building access control, alarm systems, and administrative functions. Unauthorized access to sensitive data stored on these controllers could expose user identity information and system configuration details.
Who's at risk
Organizations operating Siemens SiPass integrated building access control systems should care about this advisory. SiPass ACC controllers manage physical access to buildings, integrate with security alarm systems, and store user identity information. Affected equipment includes AC5102 controllers with ACC-G2 hardware and ACC-AP appliances running firmware versions prior to 6.4.8 or 6.4.9. Security teams responsible for physical security infrastructure, badge access systems, and building automation platforms are most directly impacted.
How it could be exploited
An attacker with administrator-level network credentials or access could exploit missing authentication checks or weak default credentials to gain root command execution on the ACC controller. The attack requires high privileges on the network but no user interaction. Once compromised, the attacker can run arbitrary system commands with root access.
Prerequisites
  • Network connectivity to the SiPass ACC device on its management port
  • High-privilege account credentials (administrator-level access or ability to set the 'SIEMENS' account password)
  • Knowledge of the ACC device network address and accessible administrative interface

Remotely exploitable over the network
High privileges required (reduces immediate risk but high impact if compromised)
Root command execution capability
Access to sensitive identity data
Critical CVSS severity (9.1)
Multiple independent vulnerabilities in same product line
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
SiPass integrated AC5102 (ACC-G2) | <V6.4.8 | 6.4.8
SiPass integrated AC5102 (ACC-G2) | <V6.4.9 | 6.4.9
SiPass integrated ACC-AP | <V6.4.8 | 6.4.8
SiPass integrated ACC-AP | <V6.4.9 | 6.4.9
Remediation & Mitigation
Do now
WORKAROUND: Change the default 'SIEMENS' administrator account password to a unique, strong password
HARDENING: Restrict network access to ACC devices using firewall rules; limit management port access to authorized administrative networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SiPass integrated AC5102 (ACC-G2)
HOTFIX: Update SiPass integrated AC5102 (ACC-G2) to version 6.4.8 or later
HOTFIX: Update SiPass integrated AC5102 (ACC-G2) to version 6.4.9 or later to address additional vulnerabilities
SiPass integrated ACC-AP
HOTFIX: Update SiPass integrated ACC-AP to version 6.4.8 or later
HOTFIX: Update SiPass integrated ACC-AP to version 6.4.9 or later to address additional vulnerabilities
Long-term hardening
HARDENING: Isolate SiPass ACC controllers from business networks; ensure they reside on a protected access control system network behind perimeter firewalls
API: /api/v1/advisories/c4f32fe8-6dd1-48d2-a200-14dc6232216e
