Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking
CVE-2023-41084

9.8CRITICAL

Key Information:

Vendor: Socomec
Status: MODULYS GP (MOD3GP-SY-120K)
Vendor: CVE Published:; 18 September 2023

What is CVE-2023-41084?

A critical session management vulnerability exists in various Microsoft web applications, allowing attackers to exploit flaws in session handling. Attackers could potentially steal session cookies, enabling them to impersonate legitimate users and perform unauthorized actions within the application. This poses significant risks to user data and application integrity, making it essential for organizations to promptly address and mitigate this issue to safeguard their environments.

Affected Version(s)

MODULYS GP (MOD3GP-SY-120K) v01.12.10

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2023
Vulnerability Reserved
Sep 6, 2023

Credit

Aarón Flecha Menéndez reported these vulnerabilities to CISA.