Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSocomec Modulys Gp
HWSocomecwszystkie wersjeSocomec Modulys Gp Firmware
OSSocomec01.12.10
Related vulnerabilities
Thanks to the weaknesses that the web application has at the user management level, an attacker could o...
The web application that owns the device clearly stores the credentials within the user managem...
The absence of filters when loading some sections in the web application of the vulnerable device...
Sending some requests in the web application of the vulnerable device allows information to be obtained due to...
A potential attacker with or without (cookie theft) access to the device would be able to inc...