Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSocomec Modulys Gp
HWSocomecwszystkie wersjeSocomec Modulys Gp Firmware
OSSocomec01.12.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2023-41084CRITICAL10.0ten sam produkt
Session management within the web application is incorrect and allows attackers to steal session co...
CVE-2023-39446HIGH8.9ten sam produkt
Thanks to the weaknesses that the web application has at the user management level, an attacker could o...
CVE-2023-39452HIGH7.5ten sam produkt
The web application that owns the device clearly stores the credentials within the user managem...
CVE-2023-40221HIGH8.8ten sam produkt
The absence of filters when loading some sections in the web application of the vulnerable device...
CVE-2023-38255MEDIUM6.5ten sam produkt
A potential attacker with or without (cookie theft) access to the device would be able to inc...