Socomec MOD3GP-SY-120K Cross-Site Request Forgery
CVE-2023-39446

8.9 HIGH

Key Information:

Vendor: Socomec

CVE Published: 18 September 2023

What is CVE-2023-39446?

Weaknesses in user management within the web application allow attackers to extract critical header information. This can lead to the creation of specially crafted URLs that facilitate malicious actions while a legitimate user is actively logged in, compromising the integrity and security of the application.

Affected Version(s)

MODULYS GP (MOD3GP-SY-120K) v01.12.10

CVSS V3.1

Score: 8.9
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aarón Flecha Menéndez reported these vulnerabilities to CISA.