CVE-2023-29106 — Sensitive Information Exposure in Siemens Simatic Cloud Connect 7 Cc712

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.6%

top 30.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Cloud Connect 7 Cc712 Siemens Simatic Cloud Connect 7 Cc716 Siemens 6gk1411-1ac00 Firmware +1 more

Timeline

PublishedMay 9

Description

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5siemens/simatic_cloud_connect_7_cc712All versions >= V2.0 < V2.1

▶CVEListV5siemens/simatic_cloud_connect_7_cc716All versions >= V2.0 < V2.1

▶NVDsiemens/6gk1411-1ac00_firmware2.0

▶NVDsiemens/6gk1411-5ac00_firmware2.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rx3-3pxf-j4f4: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶

CVEList

CVE-2023-29106: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2↗2023-05-09

▶