Vulnerability Details : CVE-2023-0356
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
Exploit prediction scoring system (EPSS) score for CVE-2023-0356
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2023-0356
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.7
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.1
|
3.6
|
ICS-CERT |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-0356
-
Obscuring a password with a trivial encoding does not protect the password.Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2023-0356
-
https://www.cisa.gov/uscert/ics/advisories/icsa-23-024-02
SOCOMEC MODULYS GP | CISAThird Party Advisory;US Government Resource
Products affected by CVE-2023-0356
- cpe:2.3:a:socomec:net_vision:*:*:*:*:*:*:*:*