What is CVE-2023-39446?

CVE-2023-39446 is a high-severity vulnerability in Socomec Modulys Gp (Mod3gp-sy-120k), classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.9/10. Published 2023-09-18.

How severe is CVE-2023-39446?

High severity. CVSS v3 base score is 8.9 out of 10.

CSRF in Socomec Modulys Gp (Mod3gp-sy-120k)

CVE-2023-39446

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.9 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H.

Affected products

Socomec Modulys Gp (Mod3gp-sy-120k) — versions v01.12.10

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Frequently asked questions

What is CVE-2023-39446?: CVE-2023-39446 is a high-severity vulnerability in Socomec Modulys Gp (Mod3gp-sy-120k), classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.9/10. Published 2023-09-18.
How severe is CVE-2023-39446?: High severity. CVSS v3 base score is 8.9 out of 10.