PT-2023-22153 · Siemens · Simatic Cloud Connect 7 Cc716 +1
Published: 2023-05-09 · Updated: 2023-05-15 · CVE-2023-29105
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1
SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1
Description
A denial of service issue has been identified in the affected devices that occurs when they parse a random (non-JSON) MQTT payload. An attacker who can manipulate the communication between the MQTT broker and the affected device could use this to cause a denial of service (DoS).
Recommendations
For SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1, update to a version outside of this range to resolve the issue.
For SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the MQTT broker to minimize the risk of exploitation.
Affected Products
Simatic Cloud Connect 7 Cc712
Simatic Cloud Connect 7 Cc716