Lucene search

SiemensCVE-2023-29103

HistoryMay 09, 2023 - 1:15 p.m.

CVE-2023-29103

2023-05-0913:15:17

CWE-259

siemens

web.nvd.nist.gov

cve-2023-29103

simatic

cloud connect

cc712

cc716

hard-coded password

authenticated attacker

data access

nvd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

Affected configurations

Nvd

Node

siemens6gk1411-1ac00_firmwareRange<2.1

AND

siemens6gk1411-1ac00Match-

Node

siemens6gk1411-5ac00_firmwareRange<2.1

AND

siemens6gk1411-5ac00Match-

VendorProductVersionCPE
siemens6gk1411-1ac00_firmware*cpe:2.3:o:siemens:6gk1411-1ac00_firmware:*:*:*:*:*:*:*:*
siemens6gk1411-1ac00-cpe:2.3:h:siemens:6gk1411-1ac00:-:*:*:*:*:*:*:*
siemens6gk1411-5ac00_firmware*cpe:2.3:o:siemens:6gk1411-5ac00_firmware:*:*:*:*:*:*:*:*
siemens6gk1411-5ac00-cpe:2.3:h:siemens:6gk1411-5ac00:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	6gk1411-1ac00_firmware	*	cpe:2.3:o:siemens:6gk1411-1ac00_firmware::::::::
siemens	6gk1411-1ac00	-	cpe:2.3:h:siemens:6gk1411-1ac00:-:::::::*
siemens	6gk1411-5ac00_firmware	*	cpe:2.3:o:siemens:6gk1411-5ac00_firmware::::::::
siemens	6gk1411-5ac00	-	cpe:2.3:h:siemens:6gk1411-5ac00:-:::::::*

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC712",
    "versions": [
      {
        "version": "All versions >= V2.0 < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC712",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC716",
    "versions": [
      {
        "version": "All versions >= V2.0 < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC716",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

Related for CVE-2023-29103