MEDIUM🇬🇧 English

CVE-2023-38255

CVSS 6.5v3.1pub. 2023-09-18upd. 2024-11-21

A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Socomec Modulys Gp

    HW
    Socomec
    wszystkie wersje
  • Socomec Modulys Gp Firmware

    OS
    Socomec
    01.12.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-41084CRITICAL10.0ten sam produkt

Session management within the web application is incorrect and allows attackers to steal session co...

CVE-2023-39446HIGH8.9ten sam produkt

Thanks to the weaknesses that the web application has at the user management level, an attacker could o...

CVE-2023-39452HIGH7.5ten sam produkt

The web application that owns the device clearly stores the credentials within the user managem...

CVE-2023-40221HIGH8.8ten sam produkt

The absence of filters when loading some sections in the web application of the vulnerable device...

CVE-2023-41965HIGH7.5ten sam produkt

Sending some requests in the web application of the vulnerable device allows information to be obtained due to...