CVE-2023-29107Files or Directories Accessible to External Parties in Siemens Simatic Cloud Connect 7 Cc712

CWE-552Files or Directories Accessible to External Parties3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 37.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Siemens Simatic Cloud Connect 7 Cc712Siemens Simatic Cloud Connect 7 Cc716Siemens 6gk1411-1ac00 Firmware+1 more
Timeline
PublishedMay 9

Description

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5siemens/simatic_cloud_connect_7_cc712All versions >= V2.0 < V2.1
CVEListV5siemens/simatic_cloud_connect_7_cc716All versions >= V2.0 < V2.1

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2023-29107: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V22023-05-09
GHSA
GHSA-f5jq-f6j5-w2c3: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V22023-05-09
CVE-2023-29107 — Siemens vulnerability | cvebase