- Description
- A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
- Products
- sipass_integrated_ac5102_\(acc-g2\)_firmware, sipass_integrated_acc-ap_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- productcert@siemens.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
#Vulnerability #CVE202527494 CVE-2025-27494 (CVSS 9.1):Critical Flaw Found in Siemens SiPass Access Control Systems https://t.co/DWAaIIMIhl
@Komodosec
1 Jun 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-27494 ⚠️🔴 CRITICAL (9.1) 🏢 Siemens - SiPass integrated AC5102 (ACC-G2) 🏗️ 0 🔗 https://t.co/PiWVenIkby #CyberCron #VulnAlert #InfoSec https://t.co/Q3mSYoF9Nb
@cybercronai
11 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27494 A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices i… https://t.co/7mfwe7teo8
@CVEnew
11 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-27494: CRITICAL] Critical vulnerability found in SiPass integrated systems, versions <6.4.9. Attackers can escalate privileges using REST API pubkey endpoint. Update to V6.4.9 to secure devices.#cybersecurity,#vulnerability https://t.co/fdUCAQAG2e https://t.co/CAAgqo
@CveFindCom
11 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sipass_integrated_ac5102_\\(acc-g2\\)_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E417E572-D776-4664-9BBB-06579C14A9D9",
"versionEndExcluding": "6.4.9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sipass_integrated_ac5102_\\(acc-g2\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0691F0D6-FC6C-41FC-8601-393AECB1E6E9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sipass_integrated_acc-ap_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F867548F-CC8D-4B1F-87C3-9138DCB7F6E3",
"versionEndExcluding": "6.4.9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sipass_integrated_acc-ap:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7E714A08-D557-4F6F-B089-89E3FFB7105A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]