Socomec Modulys Gp (Mod3gp-sy-120k)
7 CVEs affecting Socomec Modulys Gp (Mod3gp-sy-120k). Latest disclosed: 2023-09-18. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-41084 | Critical | 10.0 | 2023-09-18 | Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the… |
CVE-2023-39446 | High | 8.9 | 2023-09-18 | Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is ne… |
CVE-2023-40221 | High | 8.8 | 2023-09-18 | The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious c… |
CVE-2023-39452 | High | 7.5 | 2023-09-18 | The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be do… |
CVE-2023-41965 | High | 7.5 | 2023-09-18 | Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication proce… |
CVE-2023-38255 | Medium | 6.5 | 2023-09-18 | A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new devi… |
CVE-2023-38582 | Medium | 6.3 | 2023-09-18 | Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScri… |