{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-4600","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2024-05-07T09:41:31.124Z","datePublished":"2024-05-07T11:30:09.045Z","dateUpdated":"2024-08-01T20:47:41.220Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Net vision","vendor":"Socomec","versions":[{"status":"affected","version":"7.20"}]}],"credits":[{"lang":"en","type":"finder","value":"J. Daniel Martinez (dan1t0)"}],"datePublic":"2024-05-07T10:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file."}],"value":"Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2024-05-07T11:30:09.045Z"},"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Vulnerability fixed in the latest version of the affected product."}],"value":"Vulnerability fixed in the latest version of the affected product."}],"source":{"discovery":"UNKNOWN"},"title":"Cross-Site Request Forgery vulnerability in Socomec Net Vision","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-4600","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-07T15:04:56.333501Z"}}}],"affected":[{"cpes":["cpe:2.3:a:socomec:net_vision:7.20:*:*:*:*:*:*:*"],"vendor":"socomec","product":"net_vision","versions":[{"status":"affected","version":"7.20"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:55:16.781Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:47:41.220Z"},"title":"CVE Program Container","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-socomec-net-vision","tags":["x_transferred"]}]}]}}