PT-2023-22154 · Siemens · Simatic Cloud Connect 7 Cc716+1

Published

2023-05-09

Updated

2023-05-15

CVE-2023-29106

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1 SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1

Description A vulnerability has been identified where the export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

Recommendations For SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.1, consider restricting access to the export endpoint until a patch is available. For SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.1, consider restricting access to the export endpoint until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-29106

Affected Products

Simatic Cloud Connect 7 Cc712

Simatic Cloud Connect 7 Cc716

PT-2023-22154 · Siemens · Simatic Cloud Connect 7 Cc716+1

CVE-2023-29106

Weakness Enumeration

Related Identifiers

Affected Products

References · 4