Full Report
Building X - Security Manager Edge Controller (ACC-AP) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Analysis Summary
# Vulnerability: Improper Integrity Check of Firmware Updates in Building X - Security Manager Edge Controller
## CVE Details
- CVE ID: CVE-2022-31807
- CVSS Score: 6.2 (Medium) [CVSS v3.1] / 5.9 (Medium) [CVSS v4.0]
- CWE: CWE-347: Improper Verification of Cryptographic Signature
## Affected Systems
- Products: Building X - Security Manager Edge Controller (ACC-AP)
- Versions: All affected versions
- Configurations: N/A
## Vulnerability Description
Affected devices fail to properly check the integrity of firmware updates during the application process. This vulnerability allows an attacker to upload a maliciously modified firmware onto the device. The vulnerability can be exploited: 1) by a local attacker uploading modified firmware directly, or 2) by a remote attacker who intercepts the firmware transfer between the server and the device and modifies the valid firmware *on the fly*.
## Exploitation
- Status: Not described as exploited in the wild, but PoC / exploitation scenarios are laid out in detail (local upload and active man-in-the-middle).
- Complexity: Low (CVSS v3.1 vector suggests Low Attack Complexity (AC:L))
- Attack Vector: Local (AV:L) for direct upload; the MITM scenario implies network reachability.
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: High Impact (I:H) - Allows installation of malicious firmware, leading to system compromise.
- Availability: No Impact (A:N)
## Remediation
### Patches
- Currently, no fix is planned for this specific vulnerability in the listed product.
### Workarounds
Customers must apply the following mitigations to reduce risk:
1. Use the ACC Firmware App to apply updates in a controlled and authenticated manner.
2. Ensure only verified firmware packages from the official SIOS portal are installed on the controller.
3. Validate the integrity of the downloaded firmware by confirming its hash value manually.
4. Limit access to the controller to authorized personnel and protect/update credentials per policy.
5. Protect network access to affected products with appropriate mechanisms (General Security Recommendations).
## Detection
- **Indicators of Compromise:** Installation of unauthorized or unsigned firmware binaries on the ACC-AP device.
- **Detection Methods and Tools:** Monitoring firmware update logs for unusual activity, enforcing strict network segmentation around the controller, and manually verifying firmware hash values against known good values.
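
The manual hash check named in workaround 3 and in the detection methods above, as an added example that is not code from Siemens or the advisory. It assumes the published value is a SHA-256 hex digest (the page does not name the algorithm); the function names and the constructed test file are illustrative.

```python
import hashlib
import hmac
import re
import sys
import tempfile
from pathlib import Path

# Assumption: the published value is a SHA-256 hex digest. Change ALGORITHM if
# the download portal lists a different algorithm for the package.
ALGORITHM = "sha256"
HEX_LEN = hashlib.new(ALGORITHM).digest_size * 2


def normalize_digest(published: str) -> str:
    """Clean a copy-pasted digest; reject truncated or non-hex values."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(rf"[0-9a-f]{{{HEX_LEN}}}", cleaned):
        raise ValueError(f"expected {HEX_LEN} hex characters for {ALGORITHM}")
    return cleaned


def file_digest(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large firmware images are not loaded into memory."""
    h = hashlib.new(ALGORITHM)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_firmware(path, published_digest: str) -> bool:
    """Return True only if the file's digest equals the published digest."""
    expected = normalize_digest(published_digest)  # fail closed on bad input
    return hmac.compare_digest(file_digest(Path(path)), expected)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: verify_fw.py <firmware-file> <published-digest>
        ok = verify_firmware(sys.argv[1], sys.argv[2])
        print("MATCH" if ok else "MISMATCH: do not install this package")
        sys.exit(0 if ok else 1)
    # No arguments: demonstrate on a constructed file (not real firmware).
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "constructed_fw.bin"
        image.write_bytes(b"constructed firmware payload" * 4096)
        published = file_digest(image).upper()  # stands in for the portal value
        print("untouched:", verify_firmware(image, published))
        image.write_bytes(image.read_bytes()[:-1] + b"\x00")  # simulate a modified byte
        print("modified: ", verify_firmware(image, published))
```

Take the published digest from the official portal rather than from the same place the file was copied from. This check covers the package on the workstation, not the later transfer to the controller, so workarounds 1 and 5 still apply.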
## References
- Vendor Advisories: [https://cert-portal.siemens.com/productcert/html/ssa-420375.html](https://cert-portal.siemens.com/productcert/html/ssa-420375.html)
- General Security Recommendations: [https://cert-portal.siemens.com/productcert/html/ssa-420375.html#general-recommendations](https://cert-portal.siemens.com/productcert/html/ssa-420375.html#general-recommendations)