CVE-2023-41965

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*

cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:21

Type	Values Removed	Values Added
Summary	UNSUPPPORTED WHEN ASSIGNED Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.	Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

22 Sep 2023, 14:32

Type	Values Removed	Values Added
First Time		Socomec modulys Gp Socomec Socomec modulys Gp Firmware
CPE		cpe:2.3:h:socomec:modulys_gp:-:::::::* cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 -~~	(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 - Third Party Advisory, US Government Resource

19 Sep 2023, 03:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-18 20:15

Updated : 2024-04-11 01:21

NVD link : CVE-2023-41965

Mitre link : CVE-2023-41965

CVE.ORG link : CVE-2023-41965

JSON object : View

Products Affected

socomec

modulys_gp_firmware
modulys_gp

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2023-41965", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-18T20:15:10.120", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\nSending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.\n\n\n\n\n\n"}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** El env\u00edo de algunas solicitudes en la aplicaci\u00f3n web del dispositivo vulnerable permite obtener informaci\u00f3n debido a la falta de seguridad en el proceso de autenticaci\u00f3n."}], "lastModified": "2024-04-11T01:21:41.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A69C11D7-9B54-4F66-95F3-33B8E6F9E37B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C795C90-1E56-4F38-B637-6C12DEAF6541"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}