CVE-2020-7577
HIGHOpcenter Execution Core < 8.2 - Authenticated SQL Injection via Vulnerable Application Fields
Title source: llmDescription
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf
Scores
CVSS v3
8.1
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-89
Status
published
Products (1)
siemens/opcenter_execution_core
< 8.2
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026