All CISA Advisories, EN

SiRcom SMART Alert (SiSA)

2025-11-25 20:11

1. EXECUTIVE SUMMARY

CVSS v4 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: SiRcom
Equipment: SMART Alert (SiSA)
Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of SiRcom SMART Alert (SiSA), a central control system, are affected:

SMART Alert (SiSA): Version 3.0.48

3.2 VULNERABILITY OVERVIEW

3.2.1 Missing Authentication for Critical Function CWE-306

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

CVE-2025-13483 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-13483. A base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Emergency Services, Government Services and Facilities, Defense Industrial Base
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

SiRcom SMART Alert (SiSA)

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share

Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Life in the Swimlane with Pauline Bacot, Senior Product Marketing Manager November 25, 2025

NDSS 2025 – EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis November 25, 2025

AI Agent Security Firm Vijil Raises $17 Million November 25, 2025

CISA Warns of Spyware Targeting Messaging App Users November 25, 2025

Introducing guidelines for network scanning November 25, 2025

HashJack attack shows AI browsers can be fooled with a simple ‘#’ November 25, 2025

Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution November 25, 2025

SiRcom SMART Alert (SiSA) November 25, 2025

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share November 25, 2025

CISA Releases Seven Industrial Control Systems Advisories November 25, 2025

Opto 22 groov View November 25, 2025

Festo Compact Vision System, Control Block, Controller, and Operator Unit products November 25, 2025

Nominations Open For The Most Inspiring Women in Cyber Awards 2026 November 25, 2025

Salt Security Launches Salt MCP Finder Technology November 25, 2025

Charting the future of SOC: Human and AI collaboration for better security November 25, 2025

Everest ransomware claims breach at Spain’s national airline Iberia with 596 GB data theft November 25, 2025

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys November 25, 2025

IT Security News Hourly Summary 2025-11-25 18h : 12 posts November 25, 2025

“Shai-Hulud” Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 25) November 25, 2025

Get ready for 2026, the year of AI-aided ransomware November 25, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}