Path Traversal Flaw in SIMATIC Cloud Connect Products by Siemens
CVE-2023-29104

6MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cloud Connect 7 Cc712; Simatic Cloud Connect 7 Cc716
Vendor: CVE Published:; 9 May 2023

What is CVE-2023-29104?

A vulnerability has been detected in specific versions of Siemens SIMATIC Cloud Connect 7 CC712 and CC716. This path traversal vulnerability affects the upload feature in the web-based management interface, potentially granting an authenticated privileged remote attacker the ability to overwrite files accessible to the Linux user ccuser. Additionally, the flaw allows for the unauthorized download of any files that the ccuser can read. This security issue poses significant risks to data integrity and confidentiality.

Affected Version(s)

SIMATIC Cloud Connect 7 CC712 All versions >= V2.0 < V2.1

SIMATIC Cloud Connect 7 CC716 All versions >= V2.0 < V2.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55529...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2023