Improper Integrity Check of Firmware Updates in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Monitor · Score 6.2 · SSA-367714 · May 23, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SiPass integrated ACC (Advanced Central Controller) devices do not properly verify the integrity of firmware updates. An attacker could upload maliciously modified firmware onto affected devices. The AC5102 (ACC-G2) and ACC-AP controllers in all versions are affected. Siemens has not released fixes for these products and recommends implementing network protection measures and following security best practices to operate devices in a protected IT environment.
What this means
What could happen
An attacker with physical or local network access to an ACC (Advanced Central Controller) device could upload malicious firmware that would be installed without verification, potentially taking full control of the device and disrupting access control operations across connected areas.
Who's at risk
Facilities using Siemens SiPass integrated access control systems (AC5102 ACC-G2 and ACC-AP controllers) are affected. This impacts organizations managing building access control, badge readers, and door locks—particularly critical infrastructure sites like utilities, hospitals, data centers, and government facilities that rely on these controllers to manage physical security.
How it could be exploited
An attacker needs local or direct network access to the ACC device's firmware update interface. They could craft a malicious firmware file, connect to the device, and upload it without the device validating that the firmware is legitimate or unmodified. The device would install the compromised firmware, giving the attacker control over its operations.
Prerequisites
- Local or direct network access to the ACC device firmware update port/interface
- Ability to physically access the device or reach it from an untrusted network segment
- No authentication required for firmware upload function
Tags: no patch available; affects safety/security systems (physical access control); no authentication required for firmware upload; low complexity attack
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2), both EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| SiPass integrated AC5102 (ACC-G2) | All versions | No fix (EOL) |
| SiPass integrated ACC-AP | All versions | No fix (EOL) |
Remediation & Mitigation

Do now
- [Hardening] Restrict network access to ACC firmware update interfaces using firewalls, VLANs, or physical network segmentation
- [Hardening] Limit physical access to ACC devices to authorized personnel only

Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
- [Hardening] Monitor for unauthorized firmware update attempts through device logs or network monitoring

Mitigations (no patch available)
The following products have reached End of Life with no planned fix: SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP. Apply the following compensating controls:
- [Hardening] Isolate ACC devices on a protected network segment separate from untrusted networks
CVEs (1)