Missing Standardized Error Handling Mechanism

CVE-2023-29105

Medium

5.9/10

Summary

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-544 - Missing Standardized Error Handling Mechanism

The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

References

Advisory Timeline

Published May 09, 2023

Missing Standardized Error Handling Mechanism

CVE-2023-29105

Summary

CWE-544 - Missing Standardized Error Handling Mechanism

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS