CVE-2023-29105

Name of the Vulnerable Software and Affected Versions SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1 SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1

Description A denial of service issue has been identified in the affected devices while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

Recommendations For SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1, update to a version outside of this range to resolve the issue. For SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the MQTT broker to minimize the risk of exploitation.