CVE-2023-0356

Summary

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

Affected Software

VendorProductVersion RangeStatus
SOCOMECMODULYS GP0 <= 7.20affected

Weaknesses

  • CWE-261: CWE-261 Weak Encoding For Password

Workarounds

SOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC customer support https://www.socomec.com/contact-us_en.html .

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References