Lucene search

[email protected]CVE-2023-39446

HistorySep 18, 2023 - 9:15 p.m.

CVE-2023-39446

2023-09-1821:15:56

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-39446

web application

user management

information security

vulnerability

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

Affected configurations

NVD

Node

socomecmodulys_gp_firmwareMatch01.12.10

AND

socomecmodulys_gpMatch-

CPENameOperatorVersion
socomec:modulys_gp_firmwaresocomec modulys gp firmwareeq01.12.10

CPE	Name	Operator	Version
socomec:modulys_gp_firmware	socomec modulys gp firmware	eq	01.12.10

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MODULYS GP (MOD3GP-SY-120K)",
    "vendor": "Socomec",
    "versions": [
      {
        "status": "affected",
        "version": "v01.12.10"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVE-2023-39446

nvd1 prion1 cvelist1 ics1