Siemens Opcenter Execution Core (Update A) (ICSA-20-196-07)

August 11, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

July 16, 2020

CISA has published an advisory on cross-site scripting, SQL injection, and improper access control vulnerabilities in Siemens Opcenter Execution Core. For Camstar Enterprise Platform, all versions are affected. For Opcenter Execution Core, all versions prior to version 8.2 are affected. Successful exploitation of these vulnerabilities may allow an attacker to obtain session cookies, read and modify application data, read internal information, and perform unauthorized changes. Should the attacker gain access to the session cookies, they could then hijack the session and perform arbitrary actions in the name of the victim. Siemens recommends users upgrade to Opcenter Execution Core v8.2. It has also identified specific workarounds and mitigations customers can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.