CISA has published an advisory on an insufficient logging vulnerability in Siemens SIPORT MP. All versions prior to 3.1.4 are affected. Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges. Siemens recommends users update to Version 3.1.4 and has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.