Lucene search
SiemensCVELIST:CVE-2020-28390HistoryJan 12, 2021 - 8:18 p.m.
CVE-2020-28390
2021-01-1220:18:36
CWE-522
siemens
www.cve.org
4
vulnerability
opcenter execution core
local attacker
information leakage
web client sessions
password disclosure
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.
CNA Affected
[
{
"product": "Opcenter Execution Core",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V8.2"
}
]
},
{
"product": "Opcenter Execution Core",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V8.3"
}
]
}
]Related
cve
cve
CVE-2020-28390
2021-01-12 21:15:18
nvd
nvd
CVE-2020-28390
2021-01-12 21:15:18
prion
prion
Information disclosure
2021-01-12 21:15:00
ics
ics
Siemens Opcenter Execution Core (Update B)
2021-01-12 12:00:00