Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Plan Patch7.8SSA-658793Feb 14, 2023
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
SiPass integrated ACC (Advanced Central Controller) devices contain a command injection vulnerability in the telnet command-line interface. User input is not properly sanitized, allowing an authenticated user to inject arbitrary commands that execute with root privileges. Affected products are AC5102 (ACC-G2) versions before 2.85.44 and ACC-AP versions before 2.85.43. Siemens has released firmware updates to address this issue.
What this means
What could happen
An authenticated local user with telnet access to a SiPass ACC controller could inject commands that execute with root privileges, potentially allowing them to modify access control policies, disable security features, or disrupt physical access operations.
Who's at risk
This affects facilities using Siemens SiPass integrated access control systems, particularly sites managing physical security with AC5102 and ACC-AP controllers. Security personnel, facility managers, and integrators maintaining these systems need to apply updates. Any organization where non-IT staff may have access to engineering interfaces should prioritize this.
How it could be exploited
An attacker with valid credentials and telnet access to the ACC device's command-line interface can inject shell metacharacters into telnet commands. The lack of input sanitization causes the ACC to interpret and execute the injected commands with root privileges instead of treating them as data. This enables privilege escalation from an authenticated user to full system control.
Prerequisites
- Valid user credentials for ACC device authentication
- Telnet access to ACC device command-line interface (typically local network or engineering workstation access)
- Physical or network proximity to access the telnet port
requires valid credentialslocal/network access requiredcommand injection vulnerabilityprivilege escalation to rootaffects access control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SiPass integrated AC5102 (ACC-G2)< V2.85.442.85.44
SiPass integrated ACC-AP< V2.85.432.85.43
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDRestrict telnet access to ACC devices to authorized engineering workstations only using firewall rules or network segmentation
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
SiPass integrated AC5102 (ACC-G2)
HOTFIXUpdate SiPass integrated AC5102 (ACC-G2) to firmware version 2.85.44 or later
SiPass integrated ACC-AP
HOTFIXUpdate SiPass integrated ACC-AP to firmware version 2.85.43 or later
Long-term hardening
0/1HARDENINGImplement network segmentation to isolate ACC controllers from untrusted networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/a52e08f0-f93d-4d1c-82b7-98ab10316bbc