Firmware Integrity Vulnerability in SiPass Integrated Access Control Systems
CVE-2022-31807
8.2HIGH
Key Information:
- Vendor
Siemens
- Vendor
- CVE Published:
- 23 May 2025
What is CVE-2022-31807?
A vulnerability exists in SiPass integrated access control systems, specifically in the AC5102 and ACC-AP devices, where the integrity checks for firmware updates are insufficient. This oversight may permit a local attacker to upload malicious firmware directly to the device. Additionally, it creates a potential risk where a remote attacker could intercept firmware updates during transmission, allowing them to modify legitimate firmware before installation. This flaw underscores the importance of robust firmware validation measures to prevent unauthorized access and ensure system integrity.
Affected Version(s)
SiPass integrated AC5102 (ACC-G2) 0
SiPass integrated ACC-AP 0