Lucene search

[email protected]NVD:CVE-2023-29128

HistoryMay 09, 2023 - 1:15 p.m.

CVE-2023-29128

2023-05-0913:15:17

CWE-22

[email protected]

web.nvd.nist.gov

simatic cloud connect 7

vulnerability

remote attacker

path traversal

web based management

authenticated

privileged

file write

.db extension

cve-2023-29128

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension .db.

Affected configurations

NVD

Node

siemens6gk1411-1ac00_firmwareMatch2.0

AND

siemens6gk1411-1ac00Match-

Node

siemens6gk1411-5ac00_firmwareMatch2.0

AND

siemens6gk1411-5ac00Match-

References

cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for NVD:CVE-2023-29128

cvelist1 prion1 cve1 ics1