Severity
Medium
Analysis Summary
CVE-2022-31807 CVSS:6.2
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP. Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".
CVE-2022-31812 CVSS:7.5
A vulnerability has been identified in SiPass integrated. Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
CVE-2022-31807
CVE-2022-31812
Affected Vendors
Affected Products
- Siemens SiPass integrated ACC-AP
- Siemens SiPass integrated AC5102 (ACC-G2)
- Siemens SiPass integrated
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.