Siemens SIMATIC Cloud Connect 7

Plan Patch7.2ICS-CERT ICSA-23-131-04May 9, 2023

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

SIMATIC Cloud Connect 7 (CC712 and CC716) contains multiple vulnerabilities affecting confidentiality, integrity, and availability. The vulnerabilities include command injection (CWE-77), hardcoded credentials (CWE-259), path traversal (CWE-22), insufficient cryptographic controls (CWE-544), information disclosure (CWE-200), and insecure file permissions (CWE-552). Versions before V2.1 are affected.

What this means

What could happen

An attacker with high privilege access could exploit these vulnerabilities to execute commands on the Cloud Connect 7 gateway, potentially intercepting or modifying data in transit to/from your Siemens automation systems, or disrupting cloud connectivity for remote monitoring and management.

Who's at risk

Water authorities and municipal utilities using SIMATIC Cloud Connect 7 gateways (CC712 or CC716) for remote access or cloud-based monitoring of Siemens automation systems (SCADA, PLCs, industrial controllers). Any site running firmware versions before V2.1 is affected.

How it could be exploited

An attacker with administrative credentials or who has gained initial access to a network segment containing the Cloud Connect 7 device could exploit command injection or path traversal vulnerabilities to execute arbitrary code or read sensitive configuration files. The vulnerabilities in credential storage and file permissions could also allow lower-privileged attackers to escalate access. The gateway's role in connecting plant automation systems to cloud platforms means compromised credentials or modified commands could affect downstream SCADA/PLC systems.

Prerequisites

High privilege access to the Cloud Connect 7 device or network segment containing it
Knowledge of or ability to discover valid administrative credentials (or hardcoded credentials if unchanged)
Network access to the Cloud Connect 7 management interface or API endpoints

High CVSS score (7.2)Hardcoded or weak credential storageCommand injection and path traversal vulnerabilitiesInsufficient cryptographic controlsRequires high privilege but affects critical gateway role

Exploitability

Moderate exploit probability (EPSS 1.1%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00)≥ V2.0<V2.12.1

SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00)<V2.12.1

SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00)≥ V2.0<V2.12.1

SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00)<V2.12.1

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDImplement firewall rules to restrict network access to Cloud Connect 7 devices; ensure they are not directly reachable from the internet or untrusted networks

HARDENINGReview and change any default or hardcoded credentials on Cloud Connect 7 devices

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC Cloud Connect 7 CC712 to firmware version V2.1 or later

HOTFIXUpdate SIMATIC Cloud Connect 7 CC716 to firmware version V2.1 or later

Long-term hardening

0/2

HARDENINGIsolate Cloud Connect 7 devices on a separate network segment from business networks and general IT infrastructure

HARDENINGIf remote access is required, implement VPN or other secure tunneling methods and keep VPN software updated

CVEs (7)

CVE-2023-28832 CVE-2023-29103 CVE-2023-29104 CVE-2023-29105 CVE-2023-29106 CVE-2023-29107 CVE-2023-29128

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d9f7e0cf-09be-49fe-8c12-87b601a5788d