CVE-2020-7577 Information

Description

A vulnerability has been identified in Camstar Enterprise Platform (All versions) Opcenter Execution Core (All versions V8.2). Through the use of several vulnerable fields of the application an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read and potentially modify application data to which the user has access to.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

8.1