CVE-2023-29103 — Use of Hard-coded Password in Siemens Simatic Cloud Connect 7 Cc712

CWE-259 — Use of Hard-coded Password3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 57.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens 6gk1411-1ac00 Firmware Siemens 6gk1411-5ac00 Firmware Siemens Simatic Cloud Connect 7 Cc712 +1 more

Timeline

PublishedMay 9

Description

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5siemens/simatic_cloud_connect_7_cc712All versions < V2.1, All versions >= V2.0 < V2.1+1

▶CVEListV5siemens/simatic_cloud_connect_7_cc716All versions < V2.1, All versions >= V2.0 < V2.1+1

▶NVDsiemens/6gk1411-1ac00_firmware< 2.1

▶NVDsiemens/6gk1411-5ac00_firmware< 2.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-29103: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶

GHSA

GHSA-528m-3jqm-fvp2: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶