Directory Traversal Vulnerability in Third-Party Component in SiPass integrated
Act Now · Score 9.1 · SSA-992434 · Feb 17, 2025
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SiPass integrated is affected by a directory traversal vulnerability in the DotNetZip third-party library. An attacker with administrative credentials could craft a malicious backup file that, when restored by the system, would extract files outside the intended directory. This could allow arbitrary code execution on the SiPass integrated application server.
What this means
What could happen
An attacker with administrative credentials could upload a malicious backup file and execute arbitrary code on the SiPass integrated server, potentially compromising access control operations across your facility.
Who's at risk
Water authorities and municipal electric utilities using SiPass integrated for physical access control (badge readers, door locks, turnstiles, secure area entry) are affected. This is primarily a concern for IT/security staff managing the access control system, as the vulnerability requires administrator credentials.
How it could be exploited
An attacker with admin access to SiPass integrated uploads a specially crafted backup file containing directory traversal sequences. When the system restores from this backup, the DotNetZip library extracts files outside the intended directory, allowing the attacker to write arbitrary files to the server and execute code.
Prerequisites
- Administrative/high-level user credentials for SiPass integrated
- Ability to upload or restore a backup file through the SiPass integrated interface
- SiPass integrated server must be reachable from the network location where the admin is working
- Remotely exploitable over the network
- Requires high-privilege credentials (administrative access)
- Low attack complexity once authenticated
- Results in arbitrary code execution on the server
- Could affect facility security operations if the access control system is compromised
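The missing control in the scenario above is a pre-restore check that each archive entry still resolves inside the restore directory. This is an added example in Python, not code from SiPass integrated or DotNetZip (which are .NET); the backup archive, entry names and restore root are constructed for the demonstration.

```python
import io
import os
import zipfile


def is_safe_entry(name: str, dest_root: str) -> bool:
    """True if a zip entry name, joined to dest_root, still resolves inside dest_root."""
    # DotNetZip runs on .NET, where '\' is also a path separator, so normalise both forms.
    norm = name.replace("\\", "/")
    # Absolute paths and drive-letter prefixes are never legitimate backup entries.
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False
    root = os.path.realpath(dest_root)
    # realpath collapses every '..', so we compare the final location rather than
    # pattern-matching the raw name for traversal sequences.
    target = os.path.realpath(os.path.join(root, *norm.split("/")))
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:  # different drives on Windows: certainly outside the root
        return False


def find_traversal_entries(zip_bytes: bytes, dest_root: str) -> list[str]:
    """Every entry that would land outside dest_root if the archive were extracted naively."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_safe_entry(n, dest_root)]


def validate_backup(zip_bytes: bytes, dest_root: str) -> int:
    """Reject the whole backup, not just the offending entries; return the entry count if clean."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    bad = [n for n in names if not is_safe_entry(n, dest_root)]
    if bad:
        raise ValueError(f"backup rejected: {len(bad)} entries escape {dest_root}: {bad}")
    return len(names)


def build_sample_backup(with_traversal: bool) -> bytes:
    """Constructed sample archive: one benign entry plus, optionally, the escaping forms a check must flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.xml", "<settings/>")
        if with_traversal:
            zf.writestr("../../outside.txt", "")    # relative traversal
            zf.writestr("..\\..\\outside.txt", "")  # same, with Windows separators
            zf.writestr("/etc/outside.txt", "")     # absolute path
    return buf.getvalue()


if __name__ == "__main__":
    print(find_traversal_entries(build_sample_backup(True), "/opt/sipass/restore"))
```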
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (2), both with a fix available

Product                   Affected Versions   Fix Status
SiPass integrated V2.90   < V2.90.3.19        2.90.3.19
SiPass integrated V2.95   < V2.95.3.15        2.95.3.15
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
SiPass integrated V2.90
HOTFIX: Update SiPass integrated V2.90 to version 2.90.3.19 or later
SiPass integrated V2.95
HOTFIX: Update SiPass integrated V2.95 to version 2.95.3.15 or later
Long-term hardening
HARDENING: Restrict administrative access to SiPass integrated to a small number of trusted personnel and enforce strong authentication
HARDENING: Implement network controls to limit which workstations can upload or restore backup files to the SiPass integrated server
CVEs (1)