Siemens Building X - Security Manager Edge Controller

CVSS: 6.2
Advisory: ICS-CERT ICSA-25-345-07
Published: May 23, 2025
Vendor: Siemens

Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Building X - Security Manager Edge Controller (ACC-AP) and SiPass integrated controller (ACC-G2) devices do not verify the integrity of firmware updates: they accept and execute firmware images without any cryptographic verification. An attacker with local access to a device, or the ability to supply a firmware file through the update path, can therefore install malicious firmware. Siemens states that no fix is planned for these products and recommends applying updates only through the ACC Firmware App after manually verifying the package hash, enforcing strict access controls, and isolating the devices on a protected network.

What this means
What could happen
An attacker with local physical access, or the ability to supply a firmware file through the update path, could install maliciously modified firmware on the edge controller and use it to alter security functions or disable access controls. Since no fix is planned, the risk persists for all versions of the affected products.
Who's at risk
Building and security managers who operate Siemens Building X Security Manager Edge Controllers (ACC-AP) or SiPass integrated controllers (ACC-G2) for physical access control and authentication. This affects any organization using these devices in commercial buildings, campuses, or facilities requiring access control and credential management.
How it could be exploited
An attacker needs local access to the device or the ability to supply a firmware file through the update path (for example, via the ACC Firmware App). They craft a firmware package that looks like a legitimate update; because the device checks neither a signature nor a hash before installing, the package is accepted and executed.
Prerequisites
  • Local physical access to the device, or access to the firmware upload interface
  • Access to the ACC Firmware App, or direct write access to the device
  • The device enforces no cryptographic verification of firmware integrity
Key points
  • No authentication is required to upload firmware
  • Low-complexity attack once access is gained
  • No fix available (end-of-life products)
  • Affects physical security controls
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3, all end-of-life)

Product                                                   Affected Versions   Fix Status
SiPass integrated AC5102 (ACC-G2)                         All versions        No fix (EOL)
SiPass integrated ACC-AP                                  All versions        No fix (EOL)
Building X - Security Manager Edge Controller (ACC-AP)    All versions        No fix (EOL)
Remediation & Mitigation

Do now

SiPass integrated AC5102 (ACC-G2)
HARDENING: Restrict physical and logical access to ACC-AP and ACC-G2 devices to authorized personnel only; enforce strong access control policies and credential management.

All products
WORKAROUND: Apply firmware updates only through the ACC Firmware App, and validate the integrity of each downloaded firmware package by confirming its hash value against the value published on the official SIOS portal before installation.
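As an added example (not Siemens tooling and not part of the ACC Firmware App), the shell function below implements the hash check this workaround calls for: it computes the SHA-256 of a downloaded package and refuses to report success unless it matches the value copied from the portal, rejecting a malformed or truncated hash outright rather than silently comparing against it. SHA-256 as the portal's algorithm, the file name and the hash values are assumptions; the sample package is constructed inline and is not a real firmware image.

```shell
#!/bin/sh
# Added example (not Siemens code): gate a firmware upload on a hash check.
# Computes SHA-256 of a downloaded package and compares it, case-insensitively,
# with the value copied from the vendor download portal. Exit codes:
#   0 match, 1 mismatch, 2 bad input (missing file or malformed expected hash).
# SHA-256 as the portal algorithm and all file/hash values here are assumptions.

sha256_of() {
    # Print the hex digest of "$1", using whichever common tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

verify_firmware() {
    file="$1"
    # Normalise the pasted value: strip whitespace/CRLF, lower-case the hex.
    expected=$(printf '%s' "$2" | tr -d ' \r\n' | tr 'A-F' 'a-f')

    if [ ! -f "$file" ]; then
        echo "verify_firmware: no such file: $file" >&2
        return 2
    fi
    # A published SHA-256 is exactly 64 hex digits; anything else is a
    # copy/paste error and must not be compared against.
    case "$expected" in
        *[!0-9a-f]*|'') echo "verify_firmware: malformed expected hash" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_firmware: expected hash has ${#expected} hex digits, need 64" >&2
        return 2
    fi

    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file  $actual"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Stand-alone demo with a constructed package (not a real firmware image).
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/acc_firmware.bin"
GOOD_HASH=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
BAD_HASH=0000000000000000000000000000000000000000000000000000000000000000
verify_firmware "$demo_dir/acc_firmware.bin" "$GOOD_HASH"
verify_firmware "$demo_dir/acc_firmware.bin" "$BAD_HASH" || echo "refusing to upload: hash mismatch"
rm -rf "$demo_dir"
```

Run the check before every upload, comparing against the hash shown on the SIOS portal download page rather than one bundled with the file, since a hash shipped alongside a tampered package proves nothing. Because the controller itself verifies nothing, this check is only as trustworthy as the channel the expected hash came from and the workstation it runs on.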
Schedule (requires maintenance window)

No patch is available for these products; the network changes below, and any firmware update pushed through the ACC Firmware App, may interrupt the controller's access-control function, so plan them for a maintenance window.

Building X - Security Manager Edge Controller (ACC-AP)
HARDENING: Implement network access controls so that only trusted, authorized administrative workstations can connect to the ACC-AP device.

All products
HARDENING: Isolate the edge controller and associated Building X infrastructure on a protected network segment behind a firewall, and prevent direct Internet connectivity to the device.