CVE-2024-52285 Siemens CVE debrief

Who should care

Security, operations, and asset-management teams responsible for Siemens SiPass integrated AC5102 (ACC-G2) or ACC-AP deployments, especially in environments where these devices are reachable from untrusted networks.

Technical summary

According to the CISA/Siemens advisory, affected devices expose several MQTT URLs without authentication. The impact described is limited to confidentiality: an unauthenticated remote attacker could access sensitive data. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, which corresponds to a 5.3 MEDIUM score.

Defensive priority

Medium priority, but treat as urgent if the devices are network-reachable beyond a tightly controlled management segment. Because the issue requires no authentication and no user interaction, exposed deployments should be patched and access-restricted promptly.

Recommended defensive actions

• Update affected Siemens SiPass integrated systems to V6.4.8 or later.
• Confirm whether AC5102 (ACC-G2) and ACC-AP devices are present in the environment and identify any exposed management or MQTT-facing network paths.
• Restrict network access to these devices so only trusted administrative systems can reach them.
• Review logs and access controls for unexpected connections to MQTT-related services on affected devices.
• Use CISA and vendor advisory references to validate remediation status and deployment scope.

Evidence notes

All statements above are derived from the supplied CISA CSAF advisory and its referenced Siemens advisory. The issue description explicitly states that affected devices expose several MQTT URLs without authentication and that this could allow an unauthenticated remote attacker to access sensitive data. The remediation field specifies V6.4.8 or later. The revision history indicates the advisory was published on 2025-03-11 and later revised on 2025-05-06 for typo fixes only.

Official resources