Vulnerability Description
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Siport Mp | < 3.2.1 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06Third Party AdvisoryUS Government Resource
- https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-7591?
CVE-2020-7591 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (p...
How severe is CVE-2020-7591?
CVE-2020-7591 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7591?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Siport Mp.