Details of VAR-202007-1246

ID

VAR-202007-1246

CVE

CVE-2020-7576

TITLE

Camstar Enterprise Platform and Opcenter Execution Core Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-007895

DESCRIPTION

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim

Trust: 2.25

sources: NVD: CVE-2020-7576 // JVNDB: JVNDB-2020-007895 // CNVD: CNVD-2020-40863 // VULMON: CVE-2020-7576

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-40863

AFFECTED PRODUCTS

vendor:	siemens	model:	opcenter execution core	scope:	lt	version:	8.2	Trust: 1.0
vendor:	シーメンス	model:	opcenter execution core	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	opcenter execution core	scope:	lt	version:	8.2	Trust: 0.8
vendor:	siemens	model:	opcenter execution core	scope:	lt	version:	v8.2	Trust: 0.6
vendor:	siemens	model:	camstar enterprise platform	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-40863 // JVNDB: JVNDB-2020-007895 // NVD: CVE-2020-7576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7576
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-7576
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-40863
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202007-835
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-7576
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-7576
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-40863
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-7576
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7576
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-40863 // VULMON: CVE-2020-7576 // JVNDB: JVNDB-2020-007895 // CNNVD: CNNVD-202007-835 // NVD: CVE-2020-7576

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-007895 // NVD: CVE-2020-7576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-835

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202007-835

PATCH

title:	SSA-604937	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf	Trust: 0.8
title:	Patch for Siemens Opcenter Execution Core cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/226127	Trust: 0.6
title:	Siemens Camstar Enterprise Platform and Opcenter Execution Core Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124456	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ce698caf775fc090d4716917b550c984	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2020-7576	Trust: 0.1

sources: CNVD: CNVD-2020-40863 // VULMON: CVE-2020-7576 // JVNDB: JVNDB-2020-007895 // CNNVD: CNNVD-202007-835

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7576	Trust: 3.1
db:	SIEMENS	id:	SSA-604937	Trust: 2.3
db:	ICS CERT	id:	ICSA-20-196-07	Trust: 1.4
db:	JVNDB	id:	JVNDB-2020-007895	Trust: 0.8
db:	CNVD	id:	CNVD-2020-40863	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2398.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2398	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-835	Trust: 0.6
db:	VULMON	id:	CVE-2020-7576	Trust: 0.1

sources: CNVD: CNVD-2020-40863 // VULMON: CVE-2020-7576 // JVNDB: JVNDB-2020-007895 // CNNVD: CNNVD-202007-835 // NVD: CVE-2020-7576

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7576	Trust: 1.4
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-196-07	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.2398.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2398/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-7576	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-604937.txt	Trust: 0.1

sources: CNVD: CNVD-2020-40863 // VULMON: CVE-2020-7576 // JVNDB: JVNDB-2020-007895 // CNNVD: CNNVD-202007-835 // NVD: CVE-2020-7576

SOURCES

db:	CNVD	id:	CNVD-2020-40863
db:	VULMON	id:	CVE-2020-7576
db:	JVNDB	id:	JVNDB-2020-007895
db:	CNNVD	id:	CNNVD-202007-835
db:	NVD	id:	CVE-2020-7576

LAST UPDATE DATE

2024-11-23T20:34:00.290000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-40863	date:	2020-07-19T00:00:00
db:	VULMON	id:	CVE-2020-7576	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-007895	date:	2020-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202007-835	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-7576	date:	2024-11-21T05:37:24.447

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-40863	date:	2020-07-19T00:00:00
db:	VULMON	id:	CVE-2020-7576	date:	2020-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-007895	date:	2020-08-28T00:00:00
db:	CNNVD	id:	CNNVD-202007-835	date:	2020-07-14T00:00:00
db:	NVD	id:	CVE-2020-7576	date:	2020-07-14T14:15:18.213