CVE-2020-28390

Published: Jan 12, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.

Affected (2)

Products: Siemens: Opcenter Execution Core

1 product

Opcenter Execution Core

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Opcenter Execution Core	Version 8.2
Siemens Opcenter Execution Core	Version 8.3

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf

Source: productcert@siemens.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-051/

Source: productcert@siemens.com

Not Applicable

https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-051/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.