SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
7.5CVSS
7.5AI Score
0.001EPSS
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file.
7.1CVSS
6.8AI Score
0.0004EPSS
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.
6.7CVSS
6.9AI Score
0.0004EPSS