The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
Credits
Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.
