Lucene search

SiemensCVE-2023-29105

HistoryMay 09, 2023 - 1:15 p.m.

CVE-2023-29105

2023-05-0913:15:17

CWE-544

siemens

web.nvd.nist.gov

cve-2023-29105

simatic cloud connect

vulnerability

dos

mqtt

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.3%

JSON

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

Affected configurations

Nvd

Node

siemens6gk1411-1ac00_firmwareRange<2.1

AND

siemens6gk1411-1ac00Match-

Node

siemens6gk1411-5ac00_firmwareRange<2.1

AND

siemens6gk1411-5ac00Match-

VendorProductVersionCPE
siemens6gk1411-1ac00_firmware*cpe:2.3:o:siemens:6gk1411-1ac00_firmware:*:*:*:*:*:*:*:*
siemens6gk1411-1ac00-cpe:2.3:h:siemens:6gk1411-1ac00:-:*:*:*:*:*:*:*
siemens6gk1411-5ac00_firmware*cpe:2.3:o:siemens:6gk1411-5ac00_firmware:*:*:*:*:*:*:*:*
siemens6gk1411-5ac00-cpe:2.3:h:siemens:6gk1411-5ac00:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	6gk1411-1ac00_firmware	*	cpe:2.3:o:siemens:6gk1411-1ac00_firmware::::::::
siemens	6gk1411-1ac00	-	cpe:2.3:h:siemens:6gk1411-1ac00:-:::::::*
siemens	6gk1411-5ac00_firmware	*	cpe:2.3:o:siemens:6gk1411-5ac00_firmware::::::::
siemens	6gk1411-5ac00	-	cpe:2.3:h:siemens:6gk1411-5ac00:-:::::::*

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC712",
    "versions": [
      {
        "version": "All versions >= V2.0 < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC712",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC716",
    "versions": [
      {
        "version": "All versions >= V2.0 < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Cloud Connect 7 CC716",
    "versions": [
      {
        "version": "All versions < V2.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.3%

JSON

Related for CVE-2023-29105