Siemens has an update available to mitigate an insufficient logging vulnerability in its SIPORT MP, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow the attacker to create special accounts with administrative privileges.

All versions of SIPORT MP prior to 3.1.4 suffer from the vulnerability. In the vulnerability, some versions of the device allow the creation of special accounts (service users) with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.

CVE-2019-19277 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

Schneider Bold

The product sees use mainly in the commercial facilities and government facilities sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill levels could leverage the vulnerability.

Siemens recommends users to update to Version 3.1.4 (login required).

Siemens identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • For SIPORT MP Versions 3.0.x, apply the latest hotfix for Version 3.0.3
  • For SIPORT MP Versions 2.2 and later, apply the SIPORT_CleanUsers tool
  • As a general security measure Siemens recommends users protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

    Click here for additional information on Industrial Security by Siemens.

    For more information see the Siemens security advisory.

    Pin It on Pinterest

    Share This