Siemens 6Gk1411-1Ac00 Firmware vulnerabilities

CVE-2023-29105 [HIGH] CWE-544 CVE-2023-29105: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker

CVE-2023-28832 [HIGH] CWE-77 CVE-2023-28832: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVE-2023-29104 [HIGH] CWE-22 CVE-2023-29104: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has w

CVE-2023-29106 [HIGH] CWE-200 CVE-2023-29106: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

CVE-2023-29103 [MEDIUM] CWE-259 CVE-2023-29103: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

CVE-2023-29107 [MEDIUM] CWE-552 CVE-2023-29107: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.

CVE-2023-29128 [LOW] CWE-22 CVE-2023-29128: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.