Details of VAR-202010-1161

ID

VAR-202010-1161

CVE

CVE-2020-7591

TITLE

SIPORT MP Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012387

DESCRIPTION

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled. SIPORT MP Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-7591 // JVNDB: JVNDB-2020-012387 // VULMON: CVE-2020-7591

AFFECTED PRODUCTS

vendor:	siemens	model:	siport mp	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	シーメンス	model:	siport mp	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siport mp	scope:	lt	version:	3.2.1 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-012387 // NVD: CVE-2020-7591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7591
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-7591
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-562
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-7591
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-7591
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-7591
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7591
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-7591 // JVNDB: JVNDB-2020-012387 // CNNVD: CNNVD-202010-562 // NVD: CVE-2020-7591

PROBLEMTYPE DATA

problemtype:	CWE-603	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012387 // NVD: CVE-2020-7591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-562

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-562

PATCH

title:	SSA-384879	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf	Trust: 0.8
title:	Siemens Desigo Insight Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130704	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=053d3e04c01d0ece18bdd1eb01ed16b9	Trust: 0.1

sources: VULMON: CVE-2020-7591 // JVNDB: JVNDB-2020-012387 // CNNVD: CNNVD-202010-562

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-20-287-06	Trust: 2.5
db:	NVD	id:	CVE-2020-7591	Trust: 2.5
db:	SIEMENS	id:	SSA-384879	Trust: 1.7
db:	JVN	id:	JVNVU95462510	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012387	Trust: 0.8
db:	NSFOCUS	id:	50585	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3555	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-562	Trust: 0.6
db:	VULMON	id:	CVE-2020-7591	Trust: 0.1

sources: VULMON: CVE-2020-7591 // JVNDB: JVNDB-2020-012387 // CNNVD: CNNVD-202010-562 // NVD: CVE-2020-7591

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06	Trust: 2.5
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7591	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu95462510/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/50585	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3555/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/603.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-384879.txt	Trust: 0.1

sources: VULMON: CVE-2020-7591 // JVNDB: JVNDB-2020-012387 // CNNVD: CNNVD-202010-562 // NVD: CVE-2020-7591

SOURCES

db:	VULMON	id:	CVE-2020-7591
db:	JVNDB	id:	JVNDB-2020-012387
db:	CNNVD	id:	CNNVD-202010-562
db:	NVD	id:	CVE-2020-7591

LAST UPDATE DATE

2024-11-23T22:11:18.153000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-7591	date:	2020-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-012387	date:	2021-05-07T05:49:00
db:	CNNVD	id:	CNNVD-202010-562	date:	2020-11-17T00:00:00
db:	NVD	id:	CVE-2020-7591	date:	2024-11-21T05:37:25.990

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-7591	date:	2020-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-012387	date:	2021-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202010-562	date:	2020-10-13T00:00:00
db:	NVD	id:	CVE-2020-7591	date:	2020-10-15T19:15:13.080