ID
VAR-202502-1670
TITLE
Siemens SiPass integrated third-party component DotNetZip directory traversal vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2025-03033
DESCRIPTION
Siemens SiPass integrated is a powerful and flexible access control system for organizations of all sizes, from simple offices to large, complex facilities with thousands of doors, gates, barriers, and elevators. A directory traversal vulnerability exists in DotNetZip, a third-party component of Siemens SiPass integrated, which can be exploited by an attacker to execute arbitrary code on the application server if a specially crafted backup set is used to restore it.
Trust: 0.6
sources:
CNVD: CNVD-2025-03033
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-03033
AFFECTED PRODUCTS
| vendor: | siemens | model: | sipass integrated | scope: | lt | version: | v2.90.3.19 | Trust: 0.6 |
| vendor: | siemens | model: | sipass integrated | scope: | lt | version: | v2.95.3.15 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-03033
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2025-03033
PATCH
| title: | Patch for Siemens SiPass integrated third-party component DotNetZip directory traversal vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/656356 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-03033
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-992434 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2025-03033 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-03033
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-992434.html | Trust: 0.6 |
sources:
CNVD: CNVD-2025-03033
SOURCES
| db: | CNVD | id: | CNVD-2025-03033 |
LAST UPDATE DATE
2025-02-22T23:30:03.122000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-03033 | date: | 2025-02-18T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-03033 | date: | 2025-02-19T00:00:00 |