Lucene search

[email protected]CVE-2023-0356

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-0356

2023-01-2621:18:07

CWE-261

[email protected]

web.nvd.nist.gov

socomec modulys

gp netvision

credentials encryption

http

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

JSON

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

Affected configurations

NVD

Node

socomecnet_visionRange≤7.20

AND

socomecmodulys_gpMatch-

CPENameOperatorVersion
socomec:net_visionsocomec net visionle7.20

CPE	Name	Operator	Version
socomec:net_vision	socomec net vision	le	7.20

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Netvision",
    "product": "MODULYS GP ",
    "vendor": "SOCOMEC",
    "versions": [
      {
        "lessThanOrEqual": "7.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-23-024-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

JSON

Related for CVE-2023-0356

ics1 nvd1 cvelist1 prion1