CVE-2023-29106

Summary

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC Cloud Connect 7 CC712All versions >= V2.0 < V2.1affected
SiemensSIMATIC Cloud Connect 7 CC716All versions >= V2.0 < V2.1affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References