CVE-2020-7591

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.
Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf - Vendor Advisory
References () https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06 - Third Party Advisory, US Government Resource

15 Jun 2022, 03:15

Type Values Removed Values Added
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06 - Third Party Advisory, US Government Resource

Information

Published : 2020-10-15 19:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7591

Mitre link : CVE-2020-7591

CVE.ORG link : CVE-2020-7591


JSON object : View

Products Affected

siemens

  • siport_mp
CWE
CWE-603

Use of Client-Side Authentication

CWE-287

Improper Authentication