CVE-2023-39446

HIGH

Socomec Modulys GP Firmware - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Scores

CVSS v3 8.9
EPSS 0.0021
EPSS Percentile 11.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
socomec/modulys_gp_firmware 01.12.10
Published Sep 18, 2023
Tracked Since Feb 18, 2026