ICSA-20-287-06
PUBLISHED
CVSS 8.8 HIGH
Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (Allow logon without password) is enabled.
Risk Scores
CVSS v3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIPORT MP | All versions < 3.2.1 |
Timeline
- Oct 13, 2020 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-287-06.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-20-287-06 advisory
- https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B url
- https://cert-portal.siemens.com/productcert/txt/SSA-384879.txt url
- https://support.industry.siemens.com/cs/ww/en/view/109781856 fix