OTPulse
FeedAboutContact

Siemens SIPORT MP

Plan Patch8.8ICS-CERT ICSA-20-287-06Oct 13, 2020
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

SIPORT MP contains an access control vulnerability (CWE-603) that allows authenticated users to perform unauthorized actions. An attacker with valid user credentials can read sensitive data, modify configurations, or disrupt system operations. Siemens has released version 3.2.1 as a fix. The vulnerability affects all versions prior to 3.2.1.

What this means
What could happen
An attacker with user-level access to SIPORT MP could read sensitive data, modify system configurations, or disrupt operations on affected installations. This could lead to unauthorized process changes or data exfiltration from the system.
Who's at risk
Organizations using Siemens SIPORT MP for industrial automation and process control should prioritize this update. SIPORT MP is typically deployed in chemical, power, water treatment, and manufacturing facilities where it manages critical automation logic and data access. Any facility using versions prior to 3.2.1 is affected.
How it could be exploited
An attacker with valid user credentials could authenticate to SIPORT MP and exploit insufficient access control to perform unauthorized actions. The attacker would need network access to the SIPORT MP interface and valid login credentials to reach the vulnerable functionality.
Prerequisites
  • Network access to SIPORT MP (typically on protected network)
  • Valid user credentials for SIPORT MP authentication
  • Access to the affected SIPORT MP interface or API
Low authentication barrier (user-level credentials required)High CVSS score (8.8)Allows data read and system modificationNo public exploits known yet
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
SIPORT MP: All<3.2.13.2.1
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict network access to SIPORT MP to authorized personnel only using firewall rules and access controls
WORKAROUNDContact Siemens support for specific mitigation measures if immediate patching is not possible
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIPORT MP to version 3.2.1 or later
Long-term hardening
0/2
HARDENINGIsolate SIPORT MP system from business network and Internet
HARDENINGImplement VPN with current security patches for any required remote access to SIPORT MP
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/3c8f418c-ed34-404e-82bf-ebfc5fc17f12
Siemens SIPORT MP | CVSS 8.8 - OTPulse