Main Vulnerability Database Vulnerabilities #VU71496

#VU71496 Weak Encoding for Password in MODULYS GP Netvision - CVE-2023-0356

Published: January 25, 2023

Vulnerability identifier: #VU71496

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-0356

CWE-ID: CWE-261

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
MODULYS GP Netvision

Software vendor:
Socomec

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to weak encryption for credentials on HTTP connections. A remote attacker on the local network can obtain sensitive information on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-23-024-02

#VU71496 Weak Encoding for Password in MODULYS GP Netvision - CVE-2023-0356

Description

Remediation

External links

Please verify you're human