SIEMENS-SSA-604937 · Published 2021-01-12 · View on Siemens ProductCERT ↗

SSA-604937 V1.2 (Last Update: 2021-01-12): Multiple Web Server Vulnerabilities in Opcenter Execution Core

CVSS 8.1 HIGH

Risk Summary

<p>Opcenter Execution Core (formerly known as Camstar Enterprise Platform) contains a cross-site scripting (CVE-2020-7576), an SQL injection (CVE-2020-7577), a privilege escalation (CVE-2020-7578), and an information disclosure vulnerability (CVE-2020-28930) in various versions of the product.</p> <p>Siemens has released an update for Opcenter Execution Core and recommends to update to the latest version.</p>

CVEs (4)

CVE-2020-7576 CVE-2020-7577 CVE-2020-7578 CVE-2020-28930

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-604937 V1.2 (Last Update: 2021-01-12): Multiple Web Server Vulnerabilities in Opcenter Execution Core See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more