7.5
CVE-2023-0356
- EPSS 0.47%
- Veröffentlicht 26.01.2023 21:18:07
- Zuletzt bearbeitet 21.11.2024 07:37:02
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Socomec ≫ Net Vision Version <= 7.20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.37 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-261 Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02