What is CVE-2023-38255?

CVE-2023-38255 is a medium-severity vulnerability in Socomec Modulys Gp (Mod3gp-sy-120k), classified under Cross-site Scripting. CVSS score: 6.5/10. Published 2023-09-18.

How severe is CVE-2023-38255?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2023-38255 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Socomec Modulys Gp (Mod3gp-sy-120k)

CVE-2023-38255

A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. …

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (28.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Socomec Modulys Gp (Mod3gp-sy-120k) — versions v01.12.10

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Frequently asked questions

What is CVE-2023-38255?: CVE-2023-38255 is a medium-severity vulnerability in Socomec Modulys Gp (Mod3gp-sy-120k), classified under Cross-site Scripting. CVSS score: 6.5/10. Published 2023-09-18.
How severe is CVE-2023-38255?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2023-38255 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.