3.1.4

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

siemens

CWE-603

NVD

Published: 2020-10-15

Updated: 2022-06-15

Summary

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Siport MP - Siemens Siport MP 2.2 Siemens Siport MP 3.0.3 Siemens Siport MP 3.1.4	4

Common Weakness Enumeration (CWE)

CWE-603 - Use of Client-Side Authentication

References

https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06