Weak Encryption Vulnerability in SOCOMEC MODULYS GP Netvision Products
CVE-2023-0356

5.7MEDIUM

Key Information:

Vendor: Socomec
Status: Modulys Gp
Vendor: CVE Published:; 26 January 2023

What is CVE-2023-0356?

SOCOMEC MODULYS GP Netvision versions 7.20 and earlier are vulnerable due to inadequate encryption for credentials transmitted over HTTP. This weakness allows attackers to intercept sensitive information, potentially leading to unauthorized access. Users are advised to upgrade to the latest version and implement secure communication protocols to protect sensitive data.

Affected Version(s)

MODULYS GP 0 <= 7.20

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 17, 2023

Credit

Javier Fernandez Beré and Aarón Flecha Menéndez of S21sec reported this vulnerability to CISA.