CVE-2023-39452

Summary

The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application.

Affected Software

VendorProductVersion RangeStatus
SocomecMODULYS GP (MOD3GP-SY-120K)v01.12.10affected

Weaknesses

  • CWE-256: CWE-256 Plaintext Storage of a Password

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References