Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital
CVE-2023-2827

5.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Plant Connectivity
Vendor: CVE Published:; 13 June 2023

Summary

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

Affected Version(s)

SAP Plant Connectivity 1.0

References

https://launchpad.support.sap.com/#/notes/3301942

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 22, 2023