Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Description

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.

AI Analysis

Unauthenticated access to backend APIs via missing authentication for critical functions

Basic Information

ID CVE-2025-13483

Source icscert

Published Nov 25, 2025 at 17:36

Modified Nov 25, 2025 at 20:21

Affected Product

Vendor SiRcom

Product SMART Alert (SiSA

Version 3.0.48

Affected Versions SiRcom SMART Alert (SiSA 3.0.48

CWE Classification

CWE-306

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor SiRcom

Product SMART Alert (SiSA)

Version 3.0.48

References

www.cisa.gov /news-events/ics-advisories/icsa-25-329-06

{
    "lastseen": "",
    "description": "SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.",
    "published": "2025-11-25T17:36:24.451Z",
    "modified": "2025-11-25T20:21:13.361Z",
    "type": "cve",
    "title": "Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-06",
    "id": "CVE-2025-13483",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SiRcom SMART Alert (SiSA 3.0.48",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SMART Alert (SiSA",
    "version": "3.0.48",
    "vendor": "SiRcom",
    "ai_description": "Unauthenticated access to backend APIs via missing authentication for critical functions",
    "ai_severity": "High",
    "ai_vendor": "SiRcom",
    "ai_product": "SMART Alert (SiSA)",
    "ai_version": "3.0.48",
    "ai_score": 8.8
}

Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)_CVE-2025-13483