Siemens Simatic Cloud Connect 7 Cc712 vulnerabilities

CVE-2023-28831 [HIGH] CWE-190 CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnera The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

CVE-2023-29106 [MEDIUM] CWE-200 CVE-2023-29106: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

CVE-2023-29105 [MEDIUM] CWE-544 CVE-2023-29105: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT brok

CVE-2023-28832 [HIGH] CWE-77 CVE-2023-28832: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVE-2023-29104 [MEDIUM] CWE-22 CVE-2023-29104: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has

CVE-2023-29103 [MEDIUM] CWE-259 CVE-2023-29103: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

CVE-2023-29107 [MEDIUM] CWE-552 CVE-2023-29107: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.

CVE-2023-29128 [LOW] CWE-22 CVE-2023-29128: A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 = V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.