CVE-2023-40221

Published on: Not Yet Published

Last Modified on: 09/19/2023 03:37:00 AM UTC

CVE-2023-40221 - advisory for ICSA-23-250-03

Certain versions of MODULYS GP MOD3GP-SY-120K from Socomec contain the following vulnerability:

** UNSUPPPORTED WHEN ASSIGNED ** The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.

CVE-2023-40221 has been assigned by [email protected] to track the vulnerability
Affected Vendor/Software: Socomec - MODULYS GP (MOD3GP-SY-120K) version = v01.12.10

CVE References

Description	Tags ^ⓘ	Link
Socomec MOD3GP-SY-120K \| CISA	www.cisa.gov text/html	MISC www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Software

Vendor	Product	Version
Socomec	MODULYS_GP_MOD3GP-SY-120K	= v01.12.10

No vendor comments have been submitted for this CVE