Socomec MOD3GP-SY-120K Insecure Storage of Sensitive Information
CVE-2023-41965

7.5HIGH

Key Information:

Vendor: Socomec
Status: Modulys Gp (mod3gp-sy-120k)
Vendor: CVE Published:; 18 September 2023

What is CVE-2023-41965?

An authentication bypass vulnerability exists in the web application of the affected device, potentially allowing an attacker to execute unauthorized requests. This weakness is rooted in the insufficient security measures surrounding the authentication process, enabling malicious actors to gain access to sensitive information. It is crucial for users of the affected products to assess their exposure and implement necessary security measures to mitigate this risk.

Affected Version(s)

MODULYS GP (MOD3GP-SY-120K) v01.12.10

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-2...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2023
Vulnerability Reserved
Sep 6, 2023

Credit

Aarón Flecha Menéndez reported these vulnerabilities to CISA.