Information Disclosure Vulnerability in Siemens SIMATIC Cloud Connect 7
CVE-2023-29107

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cloud Connect 7 Cc712; Simatic Cloud Connect 7 Cc716
Vendor: CVE Published:; 9 May 2023

What is CVE-2023-29107?

A vulnerability has been discovered in the Siemens SIMATIC Cloud Connect 7 (specifically in versions CC712 and CC716), where the export endpoint leads to the unintended exposure of undocumented files. This flaw may allow remote attackers without authentication to exploit the system and access sensitive information resources, potentially compromising the integrity and confidentiality of data.

Affected Version(s)

SIMATIC Cloud Connect 7 CC712 All versions >= V2.0 < V2.1

SIMATIC Cloud Connect 7 CC716 All versions >= V2.0 < V2.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55529...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2023