Lucene search
IcscertCVELIST:CVE-2023-41084HistorySep 18, 2023 - 7:56 p.m.
CVE-2023-41084 Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking
2023-09-1819:56:27
CWE-565
icscert
www.cve.org
1
cve-2023-41084
socomec mod3gp-sy-120k
session management
cookies
validation
integrity checking
web application
attack
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
53.8%
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MODULYS GP (MOD3GP-SY-120K)",
"vendor": "Socomec",
"versions": [
{
"status": "affected",
"version": "v01.12.10"
}
]
}
]Related
nvd
nvd
CVE-2023-41084
2023-09-18 20:15:10
prion
prion
Code injection
2023-09-18 20:15:00
vulnrichment
vulnrichment
cve
cve
CVE-2023-41084
2023-09-18 20:15:10
ics
ics
Socomec MOD3GP-SY-120K
2023-09-07 12:00:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
53.8%
Related for CVELIST:CVE-2023-41084