Lucene search

[email protected]NVD:CVE-2023-40221

HistorySep 18, 2023 - 8:15 p.m.

CVE-2023-40221

2023-09-1820:15:09

CWE-94

[email protected]

web.nvd.nist.gov

vulnerable device

web application

injection

malicious code

mail server

notification

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.

Affected configurations

NVD

Node

socomecmodulys_gp_firmwareMatch01.12.10

AND

socomecmodulys_gpMatch-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

Related for NVD:CVE-2023-40221

prion1 vulnrichment1 cve1 cvelist1 ics1