PT-2023-16208 · Socomec · Socomec Modulys Gp Netvision
Aarón Flecha Menéndez
+1
·
Published
2023-01-24
·
Updated
2023-02-06
·
CVE-2023-0356
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SOCOMEC MODULYS GP Netvision versions 7.20 and prior
Description
The issue is related to weak encryption for credentials on HTTP connections, which could allow threat actors to obtain sensitive information.
Recommendations
For SOCOMEC MODULYS GP Netvision versions 7.20 and prior, consider disabling HTTP connections or restricting access to sensitive information until a fix is available. As a temporary workaround, avoid using HTTP connections for transmitting credentials.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Socomec Modulys Gp Netvision