CVE-2023-29105 — Missing Standardized Error Handling Mechanism in Siemens Simatic Cloud Connect 7 Cc712

CWE-544 — Missing Standardized Error Handling Mechanism3 documents3 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.3%

top 44.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens 6gk1411-1ac00 Firmware Siemens 6gk1411-5ac00 Firmware Siemens Simatic Cloud Connect 7 Cc712 +1 more

Timeline

PublishedMay 9

Description

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5siemens/simatic_cloud_connect_7_cc712All versions < V2.1, All versions >= V2.0 < V2.1+1

▶CVEListV5siemens/simatic_cloud_connect_7_cc716All versions < V2.1, All versions >= V2.0 < V2.1+1

▶NVDsiemens/6gk1411-1ac00_firmware< 2.1

▶NVDsiemens/6gk1411-5ac00_firmware< 2.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-29105: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶

GHSA

GHSA-fr6w-4xgh-4mgc: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶