CVE-2023-0356
5.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SOCOMEC | MODULYS GP | 0 <= 7.20 | affected |
Weaknesses
- CWE-261: CWE-261 Weak Encoding For Password
Workarounds
SOCOMEC has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact SOCOMEC customer support https://www.socomec.com/contact-us_en.html .
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.