CVE-2024-4601

An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision

Configurations

No configuration.

History

21 Nov 2024, 09:43

Type	Values Removed	Values Added
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision -
Summary		(es) Se ha encontrado una vulnerabilidad de autenticación incorrecta en Socomec Net Vision que afecta a la versión 7.20. Esta vulnerabilidad permite a un atacante realizar un ataque de fuerza bruta en la aplicación y recuperar una sesión válida, porque la aplicación utiliza un valor entero de cinco dígitos.

07 May 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 12:15

Updated : 2024-11-21 09:43

NVD link : CVE-2024-4601

Mitre link : CVE-2024-4601

CVE.ORG link : CVE-2024-4601

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

6.7 /10