CVE-2023-2827

Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital

CVSS 7.9 HIGHEPSS 0.3%CWE-306

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jun 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

Affected products

SAP_SE · SAP Plant Connectivity

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/3301942 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html