ICSA-20-196-07
·
Published 2020-08-11
·
View on CISA ICS-CERT ↗
Siemens Opcenter Execution Core (Update B)
CVSS 8.5
HIGH
Remediations
- Configure a web application firewall to filter traffic containing XSS Injection and SQL Injections
- Restrict access to application webserver for trusted users only
- CVE-2020-7576: Review access permissions for the application and limit the number of users with the ability to create containers, packages, or to register defects
- Update to Opcenter Execution Core V8.4 or later version
- CVE-2020-28390: Ensure that only trusted persons have access to Opcenter Execution Core servers
Affected Vendors
Siemens
Affected Products (4)
Siemens
·
Camstar Enterprise Platform
vers:all/*
Siemens
·
Opcenter Execution Core
<V8.2
Siemens
·
Opcenter Execution Core
V8.2
Siemens
·
Opcenter Execution Core
V8.3
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more