Camstar Enterprise Platform All versions Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server.
The information has been provided by Vendor
The original article can be found at:https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf
The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.
Camstar Enterprise Platform All versions
Opcenter Execution Core All versions < V8.2