CVE-2023-29105

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device is vulnerable to a denial of service while parsing a random non-JSON MQTT payload. This could allow an attacker who can...

CVE-2023-29104

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...

CVE-2023-29106

CVE-2023-29106 affects SIMATIC Cloud Connect 7 CC712/CC716 (V2.0 to V2.1). An export endpoint exposed via REST API without authentication could allow an unauthenticated remote attacker to download files available through the endpoint, per multiple sources (NVD/Red Hat/NCSC advisories). The Red Ha...

CVE-2023-29103

The CVE-2023-29103 entry concerns Siemens SIMATIC Cloud Connect 7 CC712/CC716 with versions 2.0–2.1, where a hard-coded password protects diagnostic files, enabling an authenticated attacker to access protected data. Red Hat and NVD entries corroborate the affected products and vulnerability clas...