CVE-2022-31807

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-31807
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-367714.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:sipass_integrated_ac5102_\(acc-g2\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sipass_integrated_ac5102_\(acc-g2\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:sipass_integrated_acc-ap_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sipass_integrated_acc-ap:-:*:*:*:*:*:*:*
History

22 Aug 2025, 19:41

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-367714.html - () https://cert-portal.siemens.com/productcert/html/ssa-367714.html - Vendor Advisory
CPE cpe:2.3:o:siemens:sipass_integrated_acc-ap_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sipass_integrated_acc-ap:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sipass_integrated_ac5102_\(acc-g2\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sipass_integrated_ac5102_\(acc-g2\)_firmware:*:*:*:*:*:*:*:*
First Time Siemens sipass Integrated Ac5102 \(acc-g2\) Firmware
Siemens sipass Integrated Ac5102 \(acc-g2\)
Siemens sipass Integrated Acc-ap Firmware
Siemens sipass Integrated Acc-ap
Siemens
Summary
  • (es) Se ha identificado una vulnerabilidad en SiPass integrado AC5102 (ACC-G2) (todas las versiones) y SiPass integrado ACC-AP (todas las versiones). Los dispositivos afectados no comprueban correctamente la integridad de las actualizaciones de firmware. Esto podría permitir que un atacante local cargue un firmware modificado maliciosamente en el dispositivo. En un segundo escenario, un atacante remoto capaz de interceptar la transferencia de un firmware válido del servidor al dispositivo podría modificar el firmware sobre la marcha.

23 May 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-23 15:15

Updated : 2025-08-22 19:41

NVD link : CVE-2022-31807

Mitre link : CVE-2022-31807

CVE.ORG link : CVE-2022-31807

JSON object : View

Products Affected

siemens

  • sipass_integrated_acc-ap
  • sipass_integrated_acc-ap_firmware
  • sipass_integrated_ac5102_\(acc-g2\)_firmware
  • sipass_integrated_ac5102_\(acc-g2\)
CWE
CWE-347

Improper Verification of Cryptographic Signature