José Daniel Martínez Coronel

**Name of the Vulnerable Software and Affected Versions** Socomec Net Vision version 7.20 **Description** The issue is related to a Cross-Site Request Forgery vulnerability. This could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to the lack of proper sanitisation of the `set param.cgi` file. **Recommendations** For Socomec Net Vision version 7.20, consider disabling access to the `set param.cgi` file until a patch is available to prevent exploitation of this issue. Restricting user privileges to minimize the impact of potential unauthorized actions is also recommended. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Socomec Net Vision version 7.20 **Description** An incorrect authentication issue has been found, allowing an attacker to perform a brute force attack on the application and recover a valid session. This is possible because the application uses a five-digit integer value for authentication. **Recommendations** For Socomec Net Vision version 7.20, consider implementing additional authentication measures to prevent brute force attacks, such as account lockout policies or two-factor authentication, until a patch is available.