CVE-2020-7591
15.10.2020, 19:15
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.Enginsight| Vendor | Product | Version |
|---|---|---|
| siemens | siport_mp | 𝑥 < 3.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-603 - Use of Client-Side AuthenticationA client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.