PT-2023-22162 · Siemens · Simatic Cloud Connect 7 Cc716+1
Published: 2023-05-09 · Updated: 2023-05-15
CVE-2023-29128
CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
SIMATIC Cloud Connect 7 CC712 versions 2.0 through 2.0
SIMATIC Cloud Connect 7 CC716 versions 2.0 through 2.0
Description
A path traversal vulnerability has been identified in the upload feature of the web-based management of the affected devices. This could allow an authenticated privileged remote attacker to write any file with the extension .db.
Recommendations
For SIMATIC Cloud Connect 7 CC712 version 2.0, consider restricting access to the upload feature in the web-based management until a patch is available.
For SIMATIC Cloud Connect 7 CC716 version 2.0, consider restricting access to the upload feature in the web-based management until a patch is available.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cloud Connect 7 Cc712
Simatic Cloud Connect 7 Cc716