PatchSiren cyber security CVE debrief
CVE-2025-27493 Siemens CVE debrief
CVE-2025-27493 describes an input-sanitization flaw in the telnet command-line interface of affected Siemens SiPass integrated devices. According to the CISA CSAF advisory and Siemens advisory, an authenticated local administrator can inject arbitrary commands that execute with root privileges, creating a local privilege-escalation path. Siemens and CISA list affected products as SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP, and recommend upgrading to V6.4.9 or later.
- Vendor
- Siemens
- Product
- SiPass integrated AC5102 (ACC-G2)
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-05-06
Who should care
Operators, administrators, and security teams responsible for Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP deployments should prioritize this advisory, especially where telnet-based administrative access is enabled or where multiple personnel share local administrator credentials.
Technical summary
The advisory states that affected devices improperly sanitize user input for specific telnet CLI commands. The attacker must already have authenticated local administrator access. Under those conditions, crafted input can be interpreted as arbitrary commands, and the executed commands run with root privileges. The published CVSS vector reflects local attack requirements and high impact to confidentiality, integrity, and availability (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Defensive priority
High. The issue is severe, but it requires authenticated local administrative access. Prioritize remediation on systems where telnet administration is enabled, shared, or not tightly controlled, and apply the vendor fix as soon as operationally feasible.
Recommended defensive actions
- Update Siemens SiPass integrated AC5102 (ACC-G2) and ACC-AP to V6.4.9 or later.
- Set an individual strong password for the administrator account named "SIEMENS" as recommended by the vendor.
- Restrict and monitor administrative access to affected devices, especially any telnet-based management access.
- Apply CISA and ICS defense-in-depth guidance for industrial control system environments.
- Verify that asset inventories identify all deployed instances of the affected Siemens products before scheduling remediation.
Evidence notes
All core technical claims are drawn from the supplied CISA CSAF source item and the cited Siemens advisory references. The source states that affected devices improperly sanitize user input for specific telnet CLI commands and that an authenticated local administrator could inject arbitrary commands executed with root privileges. The advisory metadata lists the affected products, the remediation to update to V6.4.9 or later, and the strong-password mitigation for the "SIEMENS" administrator account. Published date context is 2025-03-11; the 2025-05-06 update is described as a revision for typo fixes.
Official resources
-
CVE-2025-27493 CVE record
CVE.org
-
CVE-2025-27493 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-03-11 via CISA advisory ICSA-25-072-04. The source timeline shows a 2025-05-06 revision labeled as typo fixes; that revision does not change the original disclosure date.