Unauthenticated Remote File Download Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716
CVE-2023-29106 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.
Learn more about our Api Penetration Testing.