HIGH🇬🇧 English

CVE-2023-39452

CVSS 7.5v3.1pub. 2023-09-18upd. 2024-11-21

The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Socomec Modulys Gp

    HW
    Socomec
    wszystkie wersje
  • Socomec Modulys Gp Firmware

    OS
    Socomec
    01.12.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-41084CRITICAL10.0ten sam produkt

Session management within the web application is incorrect and allows attackers to steal session co...

CVE-2023-39446HIGH8.9ten sam produkt

Thanks to the weaknesses that the web application has at the user management level, an attacker could o...

CVE-2023-40221HIGH8.8ten sam produkt

The absence of filters when loading some sections in the web application of the vulnerable device...

CVE-2023-41965HIGH7.5ten sam produkt

Sending some requests in the web application of the vulnerable device allows information to be obtained due to...

CVE-2023-38255MEDIUM6.5ten sam produkt

A potential attacker with or without (cookie theft) access to the device would be able to inc...