Vulnerabilities > SAP > Plant Connectivity

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-2827 Missing Authentication for Critical Function vulnerability in SAP Digital Manufacturing and Plant Connectivity
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing.
low complexity
sap CWE-306
5.7
5.7
2017-12-12 CVE-2017-16690 Untrusted Search Path vulnerability in SAP Plant Connectivity 15.0/2.3
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0.
network
sap CWE-426
6.8
6.8
2015-11-24 CVE-2015-8330 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Plant Connectivity
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619.
network
low complexity
sap CWE-119
7.8
7.8