CVE-2023-40221
Socomec MOD3GP-SY-120K Code Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.
* La ausencia de filtros al cargar algunas secciones en la aplicación web del dispositivo vulnerable permite a los posibles atacantes inyectar código malicioso que se interpretará cuando un usuario legítimo acceda a la sección web (SERVIDOR DE CORREO) donde se muestra la información. La inyección se puede realizar en el parámetro MAIL_RCV. Cuando un usuario legítimo intenta revisar NOTIFICACIÓN/SERVIDOR DE CORREO, se ejecutará el código inyectado.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-09-06 CVE Reserved
- 2023-09-18 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Socomec Search vendor "Socomec" | Modulys Gp Firmware Search vendor "Socomec" for product "Modulys Gp Firmware" | 01.12.10 Search vendor "Socomec" for product "Modulys Gp Firmware" and version "01.12.10" | - |
Affected
| in | Socomec Search vendor "Socomec" | Modulys Gp Search vendor "Socomec" for product "Modulys Gp" | - | - |
Safe
|