PT-2023-22154 · Siemens · Simatic Cloud Connect 7 Cc716+1

Publicado

2023-05-09

·

Atualizado

2023-05-15

·

CVE-2023-29106

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1 SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1
Description A vulnerability has been identified where the export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.
Recommendations For SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1, consider restricting access to the export endpoint until a patch is available. For SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1, consider restricting access to the export endpoint until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-29106

Produtos afetados

Simatic Cloud Connect 7 Cc712
Simatic Cloud Connect 7 Cc716