Lucene search

IcscertCVELIST:CVE-2023-39446

HistorySep 18, 2023 - 8:02 p.m.

CVE-2023-39446 Socomec MOD3GP-SY-120K Cross-Site Request Forgery

2023-09-1820:02:40

CWE-352

icscert

www.cve.org

socomec

mod3gp-sy-120k

web application

user management

weakness

cross-site request forgery

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MODULYS GP (MOD3GP-SY-120K)",
    "vendor": "Socomec",
    "versions": [
      {
        "status": "affected",
        "version": "v01.12.10"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVELIST:CVE-2023-39446