Vulnerabilities > Socomec > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-18 CVE-2023-41084 Unspecified vulnerability in Socomec Modulys GP Firmware 01.12.10
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
network
low complexity
socomec
critical
 9.8
9.8
2019-10-09 CVE-2019-15859 Information Exposure vulnerability in Socomec Diris A-40 Firmware
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
network
low complexity
socomec CWE-200
critical
 9.8
9.8