CVE-2022-31807

Опубликовано: 23 мая 2025

Источник: nvd

CVSS3: 6.2

CVSS3: 5.5

EPSS Низкий

Описание

A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:sipass_integrated_ac5102_\(acc-g2\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sipass_integrated_ac5102_\(acc-g2\):-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:sipass_integrated_acc-ap_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sipass_integrated_acc-ap:-:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00017

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-347

Связанные уязвимости

GHSA-33j7-6p7h-f87g

CVSS3: 6.2

github

9 месяцев назад

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

EPSS

Процентиль: 3%

0.00017

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-347