Lucene search
IcscertCVE-2023-41084HistorySep 18, 2023 - 8:15 p.m.
CVE-2023-41084
2023-09-1820:15:10
CWE-565
icscert
web.nvd.nist.gov
20
cve-2023-41084
nvd
web application
session management
vulnerability
session cookies
security
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
53.8%
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
Affected configurations
Node
socomecmodulys_gpMatch-
socomecmodulys_gp_firmwareMatch01.12.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| socomec | modulys_gp | - | cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:* |
| socomec | modulys_gp_firmware | 01.12.10 | cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MODULYS GP (MOD3GP-SY-120K)",
"vendor": "Socomec",
"versions": [
{
"status": "affected",
"version": "v01.12.10"
}
]
}
]Related
prion
prion
Code injection
2023-09-18 20:15:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-41084
2023-09-18 20:15:10
cvelist
cvelist
ics
ics
Socomec MOD3GP-SY-120K
2023-09-07 12:00:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.3
Confidence
High
EPSS
0.002
Percentile
53.8%
Related for CVE-2023-41084