CVE-2023-41084 | Session management within the web application is … | CVSS 10.0 CRITICAL

Description

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

Metadata

CVE ID: CVE-2023-41084
State: PUBLISHED
Assigner: icscert
Reserved: 2023-09-06 15:41 UTC
Published: 2023-09-18 19:56 UTC
Last updated: 2024-08-02 18:46 UTC
Primary CWE: CWE-565
CWE-565 Reliance on Cookies without Validation and Integrity…
Vendor / Product: Socomec / MODULYS GP (MOD3GP-SY-120K)
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Socomec	MODULYS GP (MOD3GP-SY-120K)	—	v01.12.10

Weakness (CWE)

CWE	Source	Description
CWE-565	cna	CWE-565 Reliance on Cookies without Validation and Integrity Checking

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03