SSA-978558 (Last Update: 2020-02-11): Insufficient Logging Vulnerability in SIPORT MP

Published

2020-02-11 00:00:00 UTC

Summary

SIPORT MP version 3.1.4 fixes a vulnerability that allowed to create special accounts ("service users") which could enable an authenticated attacker to perform actions that are invisible to other users of the system.

Siemens recommends customers to apply the update. For older versions, a hotfix and a tool are available to mitigate the vulnerability.