Vulnerabilities for Opcenter execution core (...) - CXSECURITY.COM

Vulnerabilities for 'Opcenter execution core'

2021-01-12

CVE-2020-28390

CWE-522

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.

2020-07-14

CVE-2020-7578

CWE-269

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes.

CVE-2020-7577

CWE-89

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.

CVE-2020-7576

CWE-79

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.

>>> Vendor: Siemens 653 Products

Speedstream wireless router

Gigaset se361 wlan router

Speedstream 6520

Speedstream 5200

Gigaset wlan camera

Gigaset c450 ip

Gigaset c475 ip

Gigaset se461 wimax router

Simatic wincc flexible runtime

Simatic wincc runtime

Tecnomatix factorylink

Simatic hmi panels

Wincc flexible runtime

Wincc runtime advanced

Automation license manager

Scalance s firmware

Scalance x-300 firmware

Scalance x-300eec firmware

Scalance x308-2m firmware

Scalance x414-3e firmware

Scalance xr-300 firmware

Scalance x-300eec

Scalance x308-2m

Scalance x414-3e

Scalance xr-300

Simatic s7-400 cpu 412-2 pn

Simatic s7-400 cpu 414-3 pn/dp

Simatic s7-400 cpu 414f-3 pn/dp

Simatic s7-400 cpu 416-3 pn/dp

Simatic s7-400 cpu 416f-3 pn/dp

Simatic s7-400 cpu firmware

Synco ozw web server

Synco ozw web server firmware

Simatic s7-1200 plc

Sipass integrated

Simatic rf-manager

Simatic rf-manager 2008

Wincc tia portal

Scalance x204irt

Scalance x202-2irt

Scalance x202-2p irt

Scalance x201-3p irt

Scalance x200-4p irt

Scalance xf204irt

Scalance x200irt firmware

Openscape session border controller

Enterprise openscape branch

Scalance w744-1

Scalance w744-1pro

Scalance w746-1

Scalance w746-1pro

Scalance w747-1

Scalance w747-1rr

Scalance w784-1

Scalance w784-1rr

Scalance w786-1pro

Scalance w786-2pro

Scalance w786-2rr

Scalance w786-3pro

Scalance w788-1pro

Scalance w788-1rr

Scalance w788-2pro

Scalance w788-2rr

Scalance w700 series firmware

Scalance x-200rna

Scalance xf-200

Scalance x-200 series firmware

See all Products for Vendor Siemens

Copyright 2024, cxsecurity.com