CVE-2025-27493
Published: 11 March 2025
Summary
CVE-2025-27493 is a high-severity Improper Input Validation (CWE-20) vulnerability in Siemens Sipass Integrated Ac5102 \(Acc-G2\) Firmware. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 24.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates information input validation at CLI entry points, addressing the improper sanitization that enables command injection.
Requires timely flaw remediation, including patching to V6.4.9 or later as specified in the Siemens advisory to eliminate the vulnerability.
Enforces least privilege to restrict administrator actions and mitigate the impact of root privilege escalation via injected commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables arbitrary command injection via Telnet CLI for authenticated local admin, directly facilitating Unix shell command execution as root and privilege escalation to full device compromise.
NVD Description
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an…
more
authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
Deeper analysisAI
CVE-2025-27493 affects SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP in all versions prior to V6.4.9. The vulnerability arises from improper sanitization of user input for specific commands on the Telnet command line interface, as classified under CWE-20 (Improper Input Validation). It carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with changed scope.
An authenticated local administrator with access to the Telnet CLI can exploit this flaw by injecting arbitrary commands. These commands execute with root privileges, allowing privilege escalation and full compromise of the device, resulting in high impacts to confidentiality, integrity, and availability.
Siemens Security Advisory SSA-515903, available at https://cert-portal.siemens.com/productcert/html/ssa-515903.html, addresses this issue. Affected systems should be updated to version V6.4.9 or later to mitigate the vulnerability.
Details
- CWE(s)