Improper input validation in Siemens Opcenter Execution Discrete
CVE-2020-7588
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), O…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (61.0th percentile) — read the EPSS interpretation.
Affected products
- Siemens Opcenter Execution Discrete — versions All versions < V3.2
- Siemens Opcenter Execution Foundation — versions All versions < V3.2
- Siemens Opcenter Execution Process — versions All versions < V3.2
- Siemens Opcenter Intelligence — versions All versions < V3.3
- Siemens Opcenter Quality — versions All versions < V11.3
- Siemens Opcenter Rd&l — versions V8.0
- Siemens Simatic It Lms — versions All versions < V2.6
- Siemens Simatic It Production Suite — versions All versions < V8.0
- Siemens Simatic Notifier Server For Windows — versions All versions
- Siemens Simatic Pcs Neo — versions All versions < V3.0 SP1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-7588?
- CVE-2020-7588 is a vulnerability in Siemens Opcenter Execution Discrete, classified under Improper Input Validation. Published 2020-07-14.
- Is CVE-2020-7588 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.