Rewterz Threat Advisory – CVE-2020-7591 – ICS: Siemens SIPORT MP Multiple Vulnerabilities

October 14, 2020

Severity

Medium

Analysis Summary

CVE-2020-7591

The affected product has an authentication bypass, which could make it vulnerable to an attacker impersonating a system user. Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled.

Impact

Use of client-side authentication

Affected Vendors

Siemens

Affected Products

SIPORT MP: Versions 3.2.1 and prior

Remediation

Siemens has released an updated version (v3.2.1).

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SonicWall Flags Active Exploitation of Critical Security Flaws

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Cactus Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Siemens Desigo Insight

Rewterz Threat Alert – The EKING Variant of Phobos Ransomware

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.