VYPR

Sipass Integrated

by Siemens Foundation

CVEs (17)

  • CVE-2017-9939CriAug 8, 2017
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.

  • CVE-2017-9940HigAug 8, 2017
    risk 0.53cvss 8.1epss 0.01

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.

  • CVE-2017-9942HigAug 8, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

  • CVE-2017-9941HigAug 8, 2017
    risk 0.48cvss 7.4epss 0.01

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

  • CVE-2024-52285MedMar 11, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access…

  • CVE-2012-5409Nov 1, 2012
    risk 0.04cvss epss 0.16

    AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted…

  • CVE-2025-40774Oct 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful…

  • CVE-2025-40773Oct 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. …

  • CVE-2025-40772Oct 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. …

  • CVE-2022-31812May 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote…

  • CVE-2025-27494Mar 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote…

  • CVE-2025-27493Mar 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an…

  • CVE-2022-31810Jul 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated…

  • CVE-2022-31808Feb 14, 2023
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user…

  • CVE-2021-44524Dec 14, 2021
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications…

  • CVE-2021-44523Dec 14, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications…

  • CVE-2021-44522Dec 14, 2021
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications…