CISA has published an advisory on an insufficient logging vulnerability in Siemens SIPORT MP. All versions prior to 3.1.4 are affected. Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges. Siemens recommends users update to Version 3.1.4 and has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
H2OSecCon Spring 2024 - featuring panels and briefings on cybersecurity, physical security, operational resilience, and more - is on May 23. REGISTER NOW!