A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.
                
            References
                    | Link | Resource | 
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf | Vendor Advisory | 
| https://www.zerodayinitiative.com/advisories/ZDI-21-051/ | Not Applicable | 
| https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf | Vendor Advisory | 
| https://www.zerodayinitiative.com/advisories/ZDI-21-051/ | Not Applicable | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    21 Nov 2024, 05:22
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf - Vendor Advisory | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-21-051/ - Not Applicable | 
Information
                Published : 2021-01-12 21:15
Updated : 2024-11-21 05:22
NVD link : CVE-2020-28390
Mitre link : CVE-2020-28390
CVE.ORG link : CVE-2020-28390
JSON object : View
Products Affected
                siemens
- opcenter_execution_core
CWE
                
                    
                        
                        CWE-522
                        
            Insufficiently Protected Credentials
