CVE-2020-7591

8.8 HIGH

📋 TL;DR

This vulnerability in Siemens SIPORT MP allows authenticated attackers to impersonate other users and perform actions on their behalf when the 'Allow logon without password' single sign-on feature is enabled. This affects all SIPORT MP versions before 3.2.1, potentially enabling privilege escalation and unauthorized administrative actions.

💻 Affected Systems

Products:
  • Siemens SIPORT MP
Versions: All versions < 3.2.1
Operating Systems: Not specified - embedded industrial system
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when 'Allow logon without password' single sign-on feature is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could impersonate administrators, gain full system control, modify configurations, access sensitive data, and potentially disrupt industrial operations.

🟠 Likely Case

Authenticated users could impersonate other users to access unauthorized data, modify permissions, or perform actions beyond their normal privileges.

🟢 If Mitigated

With the single sign-on feature disabled, the vulnerability cannot be exploited, maintaining normal authentication controls.

🌐 Internet-Facing: HIGH if exposed to internet with vulnerable configuration, as authenticated attackers could exploit remotely.
🏢 Internal Only: HIGH as authenticated internal users could exploit to escalate privileges and access sensitive systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access and the vulnerable feature enabled. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.1

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf

Restart Required: Yes

Instructions:

1. Download SIPORT MP version 3.2.1 or later from Siemens support portal.
2. Backup current configuration.
3. Install the update following Siemens documentation.
4. Restart the system.
5. Verify version and functionality.

🔧 Temporary Workarounds

Disable Single Sign-On Feature

all

Disable the 'Allow logon without password' feature to prevent exploitation.

Access SIPORT MP web interface > Configuration > Security Settings > Disable 'Allow logon without password'

🧯 If You Can't Patch

  • Disable the 'Allow logon without password' feature immediately
  • Implement network segmentation to restrict access to SIPORT MP systems
  • Monitor authentication logs for unusual impersonation attempts
  • Review and limit user privileges to minimum necessary

🔍 How to Verify

Check if Vulnerable:

Check SIPORT MP version via web interface or CLI. If version < 3.2.1 AND 'Allow logon without password' is enabled, system is vulnerable.

Check Version:

Access SIPORT MP web interface > System Information or use device-specific CLI commands

Verify Fix Applied:

Verify version is 3.2.1 or higher via system interface and confirm 'Allow logon without password' feature status.

📡 Detection & Monitoring

Log Indicators:

  • Multiple user sessions from same source
  • Unusual privilege escalation events
  • Authentication events without password verification when SSO enabled

Network Indicators:

  • Unusual authentication patterns to SIPORT MP interface
  • Multiple user impersonation attempts

SIEM Query:

source="siemens-siport" AND ((event_type="authentication" AND user_impersonation=true) OR (feature="allow_logon_without_password" AND enabled=true))
