3.1.4

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-603

NVD

Published: 2020-10-15

Updated: 2022-06-15

Summary

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Siport MP - Siemens Siport MP 2.2 Siemens Siport MP 3.0.3 Siemens Siport MP 3.1.4	4

Common Weakness Enumeration (CWE)

CWE-603 - Use of Client-Side Authentication

References

https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06