CISA has published an advisory on a use of client-side authentication vulnerability in Siemens SIPORT MP. Versions 3.2.1 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. Siemens has released an updated version of SIPORT MP and recommends users install this update on all affected systems. It has also identified specific workarounds and mitigations users can apply to reduce risk. CISA also advised on a series of measures to mitigate the vulnerability. Read the advisory at CISA.