CVE-2024-4601 (GCVE-0-2024-4601)
Vulnerability from cvelistv5 – Published: 2024-05-07 11:31 – Updated: 2024-08-01 20:47
VLAI
Title
Improper Authentication vulnerability in Socomec Net Vision
Summary
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.
Severity
6.7 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Socomec | Net vision |
Affected:
7.20
|
Date Public
2024-05-07 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:socomec:net_vision:7.20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net_vision",
"vendor": "socomec",
"versions": [
{
"status": "affected",
"version": "7.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T14:30:18.464576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:18.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Net vision",
"vendor": "Socomec",
"versions": [
{
"status": "affected",
"version": "7.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "J. Daniel Martinez (dan1t0)"
}
],
"datePublic": "2024-05-07T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value."
}
],
"value": "An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T11:31:41.772Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability fixed in the latest version of the affected product."
}
],
"value": "Vulnerability fixed in the latest version of the affected product."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authentication vulnerability in Socomec Net Vision",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4601",
"datePublished": "2024-05-07T11:31:41.772Z",
"dateReserved": "2024-05-07T09:41:32.272Z",
"dateUpdated": "2024-08-01T20:47:41.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-4601",
"date": "2026-05-30",
"epss": "0.0007",
"percentile": "0.21484"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad de autenticaci\\u00f3n incorrecta en Socomec Net Vision que afecta a la versi\\u00f3n 7.20. Esta vulnerabilidad permite a un atacante realizar un ataque de fuerza bruta en la aplicaci\\u00f3n y recuperar una sesi\\u00f3n v\\u00e1lida, porque la aplicaci\\u00f3n utiliza un valor entero de cinco d\\u00edgitos.\"}]",
"id": "CVE-2024-4601",
"lastModified": "2024-11-21T09:43:11.480",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.4, \"impactScore\": 5.2}]}",
"published": "2024-05-07T12:15:10.880",
"references": "[{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\", \"source\": \"cve-coordination@incibe.es\"}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4601\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2024-05-07T12:15:10.880\",\"lastModified\":\"2024-11-21T09:43:11.480\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de autenticaci\u00f3n incorrecta en Socomec Net Vision que afecta a la versi\u00f3n 7.20. Esta vulnerabilidad permite a un atacante realizar un ataque de fuerza bruta en la aplicaci\u00f3n y recuperar una sesi\u00f3n v\u00e1lida, porque la aplicaci\u00f3n utiliza un valor entero de cinco d\u00edgitos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\",\"source\":\"cve-coordination@incibe.es\"},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:47:41.395Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4601\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-07T14:30:18.464576Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:socomec:net_vision:7.20:*:*:*:*:*:*:*\"], \"vendor\": \"socomec\", \"product\": \"net_vision\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.20\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-07T14:31:02.221Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Improper Authentication vulnerability in Socomec Net Vision\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"J. Daniel Martinez (dan1t0)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Socomec\", \"product\": \"Net vision\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.20\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Vulnerability fixed in the latest version of the affected product.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Vulnerability fixed in the latest version of the affected product.\", \"base64\": false}]}], \"datePublic\": \"2024-05-07T10:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2024-05-07T11:31:41.772Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4601\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:47:41.395Z\", \"dateReserved\": \"2024-05-07T09:41:32.272Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2024-05-07T11:31:41.772Z\", \"assignerShortName\": \"INCIBE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…