Data Protection Vulnerability in SIMATIC Cloud Connect 7 by Siemens
CVE-2023-29103

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cloud Connect 7 Cc712; Simatic Cloud Connect 7 Cc716
Vendor: CVE Published:; 9 May 2023

Summary

A vulnerability has been found in the SIMATIC Cloud Connect 7 series by Siemens, affecting specific versions of CC712 and CC716. The flaw arises from the use of a hard-coded password to safeguard diagnostic files. This poses a risk as it allows an authenticated attacker to potentially exploit this weakness to gain unauthorized access to sensitive protected data, which undermines the system's overall data security.

Affected Version(s)

SIMATIC Cloud Connect 7 CC712 All versions >= V2.0 < V2.1

SIMATIC Cloud Connect 7 CC712 All versions < V2.1

SIMATIC Cloud Connect 7 CC716 All versions >= V2.0 < V2.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55529...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2023