Stack Overflow Vulnerability in SiPass Integrated before V2.90.3.8
Score 7.5 · Siemens advisory SSA-924149 · Published Jul 11, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability in the network input handling code. An unauthenticated remote attacker can send a specially crafted request to crash the server application, causing a denial of service that prevents the access control system from processing requests. Siemens has released version 2.90.3.8 to address this issue.
What this means
What could happen
An attacker could crash the SiPass integrated server application, making the access control system unavailable and preventing authorized personnel from entering secured areas or updating access privileges.
Who's at risk
Organizations using Siemens SiPass integrated for access control to secure facilities, including industrial sites, data centers, laboratories, and corporate campuses. This impacts anyone who depends on the access control system for security and operational continuity.
How it could be exploited
An attacker sends a specially crafted network request to the SiPass integrated server application without needing any credentials. The malformed input triggers a stack overflow in the application's network handling code, causing the server process to crash and stop responding to requests.
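The advisory gives no detail on the affected parser, so the following is an added illustration of the vulnerability class, not SiPass's code or its wire protocol. It assumes a hypothetical length-prefixed frame (two-byte big-endian length, then payload) and shows the pattern that leads to a stack overflow beside the hardened form: the declared length is checked against both the destination buffer and the bytes actually received before any copy. The sample frames are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout (constructed for illustration, not SiPass's protocol):
 *   bytes 0-1 : payload length, big-endian
 *   bytes 2.. : payload
 */
#define PAYLOAD_MAX 64

/* Vulnerable pattern: the length field received from the network is trusted
 * and drives a copy into a fixed-size stack buffer. A declared length larger
 * than PAYLOAD_MAX writes past the buffer, i.e. a stack overflow that at
 * minimum crashes the process (the denial of service the advisory describes). */
static int parse_frame_unsafe(const uint8_t *frame, size_t frame_len)
{
    uint8_t payload[PAYLOAD_MAX];
    if (frame_len < 2)
        return -1;                                   /* header incomplete */
    size_t len = ((size_t)frame[0] << 8) | frame[1];
    memcpy(payload, frame + 2, len);                 /* no check against PAYLOAD_MAX */
    return (int)len;
}

/* Hardened form: reject the frame before touching the stack buffer if the
 * declared length exceeds either the buffer or the data actually received. */
static int parse_frame_safe(const uint8_t *frame, size_t frame_len)
{
    uint8_t payload[PAYLOAD_MAX];
    if (frame_len < 2)
        return -1;                                   /* header incomplete */
    size_t len = ((size_t)frame[0] << 8) | frame[1];
    if (len > PAYLOAD_MAX)
        return -2;                                   /* would overflow payload[] */
    if (len > frame_len - 2)
        return -3;                                   /* declared length exceeds received bytes */
    memcpy(payload, frame + 2, len);
    return (int)len;
}

/* Constructed sample frames (labelled, not real traffic). */
static const uint8_t FRAME_GOOD[]      = {0x00, 0x03, 'a', 'b', 'c'};    /* claims 3, has 3   */
static const uint8_t FRAME_OVERSIZED[] = {0x01, 0x00, 'x'};              /* claims 256 bytes  */
static const uint8_t FRAME_TRUNCATED[] = {0x00, 0x05, 'a', 'b'};         /* claims 5, has 2   */

int main(void)
{
    /* Only the hardened parser is run on malformed input; the unsafe one is
     * shown for contrast and exercised only with a well-formed frame. */
    printf("unsafe, good frame:      %d\n", parse_frame_unsafe(FRAME_GOOD, sizeof FRAME_GOOD));
    printf("safe,   good frame:      %d\n", parse_frame_safe(FRAME_GOOD, sizeof FRAME_GOOD));
    printf("safe,   oversized frame: %d\n", parse_frame_safe(FRAME_OVERSIZED, sizeof FRAME_OVERSIZED));
    printf("safe,   truncated frame: %d\n", parse_frame_safe(FRAME_TRUNCATED, sizeof FRAME_TRUNCATED));
    return 0;
}
```

Both checks matter: the first keeps the stack buffer intact, the second keeps the parser from reading past the received data. In production code the rejected frames should also be logged with the source address, since repeated oversized frames against an access control server are a useful signal for detection even once the fix is applied.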
Prerequisites
- Network access to the SiPass integrated server application on its listening port
- No authentication credentials required
Tags: remotely exploitable · no authentication required · low complexity · affects access control systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product           | Affected Versions | Fix Status
SiPass integrated | < V2.90.3.8       | 2.90.3.8
Remediation & Mitigation
- Schedule: requires maintenance window
- Patching may require device reboot; plan for process interruption
- Hotfix: update SiPass integrated to version 2.90.3.8 or later
CVEs (1)
API:
/api/v1/advisories/457bb5c7-0dd3-45bb-90ba-1c9579e019b5