CVE-2023-2827

Published: Jun 13, 2023Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

Affected (2)

Products: Sap: Digital Manufacturing, Plant Connectivity

2 products

Digital Manufacturing

Plant Connectivity

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Digital Manufacturing	Version 1.0
Sap Plant Connectivity	Version 15.5

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://launchpad.support.sap.com/#/notes/3301942

Source: cna@sap.com

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3301942

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.