Perceptive Security
SOC/SIEM Consultancy
SiRcom SMART Alert (SiSA)
Published:
25 november 2025 om 12:00:00
Alert date:
5 december 2025 om 08:03:23
Source:
cisa.gov
CISA published an advisory for CVE-2025-13483, a critical authentication bypass vulnerability in SiRcom SMART Alert (SiSA) Version 3.0.48. The vulnerability allows unauthenticated attackers to bypass login screens using browser developer tools and gain unauthorized access to backend APIs. Successful exploitation could enable remote activation or manipulation of emergency sirens. The vulnerability has a CVSS v3.1 score of 9.1 and CVSS v4 score of 8.8. SiRcom did not respond to CISA's coordination efforts. The system is used worldwide in critical infrastructure sectors including Emergency Services, Government Facilities, and Defense Industrial Base.
Technical details
Mitigation steps:
Affected products:
SiRcom SMART Alert (SiSA)
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-06
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/306.html
https://www.cve.org/CVERecord?id=CVE-2025-13483
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
https://sircom.org/contact/
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.