CVE-2023-39452

The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*
cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:17

Type Values Removed Values Added
Summary ** UNSUPPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.

21 Sep 2023, 18:30

Type Values Removed Values Added
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*
cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*
First Time Socomec modulys Gp Firmware
Socomec modulys Gp
Socomec

19 Sep 2023, 03:37

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-18 21:16

Updated : 2024-08-02 18:16


NVD link : CVE-2023-39452

Mitre link : CVE-2023-39452

CVE.ORG link : CVE-2023-39452


JSON object : View

Products Affected

socomec

  • modulys_gp
  • modulys_gp_firmware
CWE
CWE-256

Plaintext Storage of a Password