Lucene search

IcscertCVELIST:CVE-2023-0356

HistoryJan 24, 2023 - 6:40 p.m.

CVE-2023-0356

2023-01-2418:40:13

CWE-261

icscert

www.cve.org

socomec modulys gp

netvision

encryption

credentials

http

sensitive information

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.9%

JSON

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Netvision",
    "product": "MODULYS GP ",
    "vendor": "SOCOMEC",
    "versions": [
      {
        "lessThanOrEqual": "7.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-23-024-02

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

39.9%

JSON

Related for CVELIST:CVE-2023-0356