CVE-2023-28832

Опубликовано: 09 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:6gk1411-1ac00_firmware:2.0:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk1411-1ac00:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:6gk1411-5ac00_firmware:2.0:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6gk1411-5ac00:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01066

Низкий

7.2 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-p96q-9p2w-4j2c