Vulnerabilities > CVE-2023-39452 - Unprotected Storage of Credentials vulnerability in Socomec Modulys GP Firmware 01.12.10

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

socomec

CWE-256

NVD

Published: 2023-09-18

Updated: 2024-04-11

Summary

The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.

Vulnerable Configurations

Part	Description	Count
OS	Socomec Socomec Modulys GP Firmware 01.12.10	1
Hardware	Socomec Socomec Modulys GP -	1

Common Weakness Enumeration (CWE)

CWE-256 - Unprotected Storage of Credentials

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03