Unauthenticated Remote File Download Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716

Unauthenticated Remote File Download Vulnerability in SIMATIC Cloud Connect 7 CC712 and CC716

CVE-2023-29106 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

Learn more about our Api Penetration Testing.