Description
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
E
Physical
RL
O
RC
Changed
Affected products
- Siemens / SIMATIC Cloud Connect 7 CC712All versions >= V2.0 < V2.1 – All versions >= V2.0 < V2.1
- Siemens / SIMATIC Cloud Connect 7 CC716All versions >= V2.0 < V2.1 – All versions >= V2.0 < V2.1