3.0.3

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

siemens

NVD

Published: 2020-03-10

Updated: 2021-11-03

Summary

A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Siport MP - Siemens Siport MP 2.2 Siemens Siport MP 3.0.3	3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf
https://www.us-cert.gov/ics/advisories/icsa-20-042-08