Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP

Act Now9.1ICS-CERT ICSA-25-072-04Mar 11, 2025

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

SiPass integrated AC5102 (ACC-G2) and ACC-AP (Advanced Central Controller) devices contain multiple vulnerabilities that allow attackers to execute commands with root privileges and access sensitive data. The vulnerabilities stem from missing input validation (CWE-20) and broken authentication (CWE-306). Affected versions: AC5102 (ACC-G2) before 6.4.9, and ACC-AP before 6.4.9. Attackers with administrative credentials or leveraging default/weak credentials could authenticate to the device and execute arbitrary commands, potentially compromising access control logic, alarm functionality, and authentication systems that control physical facility entry.

What this means

What could happen

An attacker with administrative credentials could execute commands with root privileges on the ACC device, potentially altering access control logic, disabling alarms, or stopping authentication services that protect physical facility entry.

Who's at risk

Water utilities, municipalities, and other facilities relying on Siemens SiPass integrated access control systems for physical security. Specifically affects the AC5102 controller (ACC-G2 variant) and ACC-AP (Advanced Central Controller module) used in door and gate access control, badging, and alarm integration.

How it could be exploited

An attacker with high-privilege credentials (or using default/weak credentials if not changed) could authenticate to the ACC device via network access and execute arbitrary commands. The vulnerability chain involves missing input validation and insufficient authentication controls that allow privilege escalation once authenticated.

Prerequisites

Network access to the ACC device (port 502 or management interface)
Valid or default administrator account credentials (username: SIEMENS)
High privilege level (administrator role)

remotely exploitablehigh privilege requirement (limits but does not eliminate risk)default credentials risk if not changedaffects physical access control and safety monitoring systemshigh CVSS score (9.1)

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

SiPass integrated AC5102 (ACC-G2)<V6.4.86.4.8

SiPass integrated AC5102 (ACC-G2)<V6.4.96.4.9

SiPass integrated ACC-AP<V6.4.86.4.8

SiPass integrated ACC-AP<V6.4.96.4.9

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDChange the default SIEMENS administrator account password to a strong, unique value immediately

HARDENINGRestrict network access to ACC devices using firewall rules; do not expose management interfaces to untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SiPass integrated AC5102 (ACC-G2)

HOTFIXUpdate SiPass integrated AC5102 (ACC-G2) to firmware version 6.4.9 or later

SiPass integrated ACC-AP

HOTFIXUpdate SiPass integrated ACC-AP to firmware version 6.4.9 or later

Long-term hardening

0/2

HARDENINGIsolate SiPass integrated systems from business networks and the internet using network segmentation

HARDENINGDeploy VPN with strong authentication for any required remote access to ACC devices

CVEs (3)

CVE-2024-52285 CVE-2025-27493 CVE-2025-27494

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c4f32fe8-6dd1-48d2-a200-14dc6232216e