CVE-2023-41965

EPSS 0.12%
Veröffentlicht 18.09.2023 20:15:10
Zuletzt bearbeitet 15.04.2025 19:16:06
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Socomec ≫ Modulys Gp Firmware Version01.12.10

Socomec ≫ Modulys Gp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-921 Storage of Sensitive Data in a Mechanism without Access Control

The product stores sensitive information in a file system or device that does not have built-in access control.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-41965

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41965

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41965

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-41965