CVE-2020-28390

CVE-2020-28390

Vendor Siemens
Product Opcenter Execution Core
Weakness CWE-522 · Insufficiently protected credentials
Published January 12, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.

Key dates

02Disclosure timeline

January 12, 2021 CVE published
August 4, 2024 Record updated