A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user ccuser
has write access to, or to download any file the Linux user ccuser
has read-only access to.
CPE | Name | Operator | Version |
---|---|---|---|
6gk1411-1ac00_firmware | eq | 2.0 | |
6gk1411-5ac00_firmware | eq | 2.0 |