Unauthorized Access in SIMATIC Cloud Connect Products by Siemens
CVE-2023-29106
5.3 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 9 May 2023
Summary
A vulnerability exists in certain versions of the SIMATIC Cloud Connect 7 products by Siemens: the export endpoint can be accessed through the REST API without authentication. A remote attacker can exploit this to download files without authorization. Organizations using affected versions must review their configurations and apply the necessary updates to secure their systems against unauthorized access.
Affected Version(s)
SIMATIC Cloud Connect 7 CC712 All versions >= V2.0 < V2.1
SIMATIC Cloud Connect 7 CC716 All versions >= V2.0 < V2.1
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved