CVE-2023-4837

EUVD-2023-54678
SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. 
This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CERT-PLCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
smodsmodbip
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/en/posts/2023/10/CVE-2023-4837/
https://cert.pl/posts/2023/10/CVE-2023-4837/
https://smod.pl/
https://cert.pl/en/posts/2023/10/CVE-2023-4837/
https://cert.pl/posts/2023/10/CVE-2023-4837/
https://smod.pl/