Skip to main content

CVE-2022-31807: CWE-347: Improper Verification of Cryptographic Signature in Siemens SiPass integrated AC5102 (ACC-G2)

Medium
VulnerabilityCVE-2022-31807cvecve-2022-31807cwe-347
Published: Fri May 23 2025 (05/23/2025, 15:03:38 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SiPass integrated AC5102 (ACC-G2)

Description

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

AI-Powered Analysis

AILast updated: 07/08/2025, 21:26:29 UTC

Technical Analysis

CVE-2022-31807 is a medium-severity vulnerability affecting Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP devices across all versions. The core issue is an improper verification of cryptographic signatures on firmware updates (CWE-347). Specifically, these devices fail to adequately verify the integrity and authenticity of firmware before installation. This flaw allows a local attacker with physical or network access to upload maliciously modified firmware directly to the device. Additionally, a remote attacker capable of intercepting firmware transfers between the update server and the device could perform a man-in-the-middle attack, modifying the firmware "on the fly" during transmission. The vulnerability does not require user interaction or privileges, but local access is needed for direct upload attacks, while remote interception requires network positioning. The impact is primarily on the integrity of the device firmware, potentially enabling attackers to implant persistent malicious code, disrupt device operation, or bypass security controls embedded in the access control system. The CVSS v3.1 score is 6.2 (medium), reflecting the local attack vector with low complexity and no privileges required, but no direct impact on confidentiality or availability. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on network protections and monitoring until official fixes are released.

Potential Impact

For European organizations, this vulnerability poses a significant risk to physical security infrastructure relying on Siemens SiPass integrated AC5102 and ACC-AP devices. Compromise of these devices could allow attackers to manipulate access control systems, potentially granting unauthorized physical access to sensitive facilities such as data centers, government buildings, or critical infrastructure sites. This undermines the integrity of physical security measures and could facilitate further attacks or data breaches. The ability to modify firmware remotely via intercepted updates increases the attack surface, especially in environments where firmware updates are transmitted over unsecured or poorly segmented networks. The lack of confidentiality impact reduces risk of data leakage directly from the device, but the integrity compromise can have cascading effects on organizational security posture. European organizations with Siemens access control deployments should consider this vulnerability a priority due to the critical role of physical security in regulatory compliance and operational continuity.

Mitigation Recommendations

1. Immediately implement network segmentation and strict access controls to limit local access to SiPass devices and their update servers. 2. Use encrypted and authenticated channels (e.g., VPNs, TLS) for firmware update transmissions to prevent interception and tampering. 3. Monitor network traffic for unusual patterns indicative of man-in-the-middle attacks or unauthorized firmware uploads. 4. Restrict physical access to devices to trusted personnel only and audit access logs regularly. 5. Engage with Siemens support to obtain official patches or firmware updates addressing this vulnerability as soon as they become available. 6. Consider deploying additional integrity verification mechanisms externally, such as cryptographic hash checks of firmware files before deployment. 7. Maintain an incident response plan specific to physical security device compromise to quickly detect and remediate any exploitation attempts.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
siemens
Date Reserved
2022-05-30T10:21:52.586Z
Cisa Enriched
false
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683092a10acd01a249273f39

Added to database: 5/23/2025, 3:22:09 PM

Last enriched: 7/8/2025, 9:26:29 PM

Last updated: 8/3/2025, 11:44:45 AM

Views: 19

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats