Analysis Summary

CVE-2022-31807 CVSS:6.2

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP. Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

CVE-2022-31812 CVSS:7.5

A vulnerability has been identified in SiPass integrated. Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.

Impact

• Denial of Service
• Gain Access

Indicators of Compromise

CVE

• CVE-2022-31807

• CVE-2022-31812

Affected Vendors

Affected Products

• Siemens SiPass integrated ACC-AP
• Siemens SiPass integrated AC5102 (ACC-G2)
• Siemens SiPass integrated

Remediation

Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2022-31807 

CVE-2022-31812