Improper Verification of Cryptographic Signature in Production Connector for SAP Digital Manufacturing and SAP Plant Connectivity - CVE-2023-2827

 

Improper Verification of Cryptographic Signature in Production Connector for SAP Digital Manufacturing and SAP Plant Connectivity - CVE-2023-2827

Published: August 1, 2023


Vulnerability identifier: #VU78835
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-2827
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
Production Connector for SAP Digital Manufacturing
SAP Plant Connectivity

Detailed vulnerability description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper verification of cryptographic signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. A remote attacker can perform MitM attack.


How to mitigate CVE-2023-2827

Install updates from vendor's website.

Sources