Products
Socomec Net Vision
- 7.20
Source
cve-coordination@incibe.es
Tags
CVE-2024-4601 details
Published : May 7, 2024, 12:15 p.m.
Last Modified : May 7, 2024, 1:39 p.m.
Last Modified : May 7, 2024, 1:39 p.m.
Description
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.7 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
6.7
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision | cve-coordination@incibe.es |
This website uses the NVD API, but is not approved or certified by it.