SSA-978558 (Last Update: 2020-02-11): Insufficient Logging Vulnerability in SIPORT MP


2020-02-11 00:00:00 UTC


SIPORT MP version 3.1.4 fixes a vulnerability that allowed to create special accounts ("service users") which could enable an authenticated attacker to perform actions that are invisible to other users of the system.

Siemens recommends customers to apply the update. For older versions, a hotfix and a tool are available to mitigate the vulnerability.