CVE Published: 07/05/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: INCIBE |
Vendor: Socomec |
Product: Net vision Status : PUBLISHED
CVE-2024-4600 Description
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file.
Metrics
CVSS Version: 3.1 |
Base Score: 7.1 HIGH Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N