Note:
This project will be discontinued after December 13, 2021. [more]
Product:
6gk1411\-5ac00_firmware
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-09 | CVE-2023-28832 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | N/A | ||
| 2023-05-09 | CVE-2023-29105 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a... | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | 7.5 | ||
| 2023-05-09 | CVE-2023-29103 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | N/A | ||
| 2023-05-09 | CVE-2023-29104 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | 7.6 | ||
| 2023-05-09 | CVE-2023-29106 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | 7.5 | ||
| 2023-05-09 | CVE-2023-29107 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | N/A | ||
| 2023-05-09 | CVE-2023-29128 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`. | 6gk1411\-1ac00_firmware, 6gk1411\-5ac00_firmware | 2.7 |