Vulnerabilities > CVE-2023-29105 - Missing Standardized Error Handling Mechanism vulnerability in Siemens 6Gk1411-1Ac00 Firmware and 6Gk1411-5Ac00 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-544

NVD

Published: 2023-05-09

Updated: 2023-05-15

Summary

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens 6Gk1411 1Ac00 Firmware * Siemens 6Gk1411 5Ac00 Firmware *	2
Hardware	Siemens Siemens 6Gk1411 1Ac00 - Siemens 6Gk1411 5Ac00 -	2

Common Weakness Enumeration (CWE)

CWE-544 - Missing Standardized Error Handling Mechanism

References

https://cert-portal.siemens.com/productcert/pdf/ssa-555292.pdf