Camstar Enterprise Platform All versions Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. 

Credit:

The information has been provided by Vendor

The original article can be found at:https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf


Details

The exploit of this vulnerability could be used to read, and potentially modify application data to which the user has access to.

 

Vulnerable Systems:

Camstar Enterprise Platform All versions

Opcenter Execution Core All versions < V8.2

 

CVE Information:

CVE-2020-7577

 

Disclosure Timeline:
Published Date:7/14/2020

Categories: News