HIGH🇬🇧 English

CVE-2023-28832

CVSS 7.2v3.1pub. 2023-05-09upd. 2024-11-21

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Siemens 6gk1411 1ac00

    HW
    Siemens
    wszystkie wersje
  • Siemens 6gk1411 1ac00 Firmware

    OS
    Siemens
    2.0
  • Siemens 6gk1411 5ac00

    HW
    Siemens
    wszystkie wersje
  • Siemens 6gk1411 5ac00 Firmware

    OS
    Siemens
    2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-29103MEDIUM4.3ten sam produkt

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cl...

CVE-2023-29104MEDIUM6.0ten sam produkt

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cl...

CVE-2023-29105MEDIUM5.9ten sam produkt

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cl...

CVE-2023-29106MEDIUM5.3ten sam produkt

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cl...

CVE-2023-29107MEDIUM5.3ten sam produkt

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cl...