CVE-2023-38255

Summary

A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device.

Affected Software

VendorProductVersion RangeStatus
SocomecMODULYS GP (MOD3GP-SY-120K)v01.12.10affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References