CVE-2020-7577

2020-07-1413:18:05

CWE-89

siemens

www.cve.org

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.4%

JSON

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.

CNA Affected

[
  {
    "product": "Camstar Enterprise Platform",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Opcenter Execution Core",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V8.2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf