SOCOMEC MODULYS GP (UPDATE A)

MonitorCVSS 5.7ICS-CERT ICSA-23-024-02Jan 24, 2023

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

SOCOMEC MODULYS GP Net Vision firmware versions 7.20 and earlier contain an information disclosure vulnerability (CWE-261: Improper Authentication). An authenticated attacker on the local network can obtain sensitive information from the target system through a user interaction attack vector (e.g., malicious link or attachment). The vulnerability requires the user to click or open something, but once triggered, could expose configuration details, credentials, or other sensitive data stored on the UPS controller.

What this means

What could happen

An attacker with access to the device could extract sensitive configuration or authentication information from the MODULYS GP uninterruptible power supply (UPS) system, potentially enabling further attacks on the site's power infrastructure.

Who's at risk

Water authorities and municipal utilities operating uninterruptible power supply (UPS) systems using SOCOMEC MODULYS GP Net Vision for redundancy or backup power monitoring. Specifically affects UPS configuration and monitoring interfaces used by engineering and operations staff.

How it could be exploited

An attacker on the same network segment (requires adjacent network access, not internet) must trick a user into clicking a malicious link or opening a file that exploits the vulnerability. This suggests a phishing or social engineering attack targeting an operator or technician with access to the Net Vision interface. Once the vulnerable code is triggered, the attacker can read sensitive data stored on the device.

Prerequisites

Attacker must be on the same network segment (local network or VPN) as the MODULYS GP device
A user with access to Net Vision interface must be socially engineered to click a link or open a file
Vulnerable version 7.20 or earlier of Net Vision FW must be deployed
User interaction required (victim must take action)

Requires user interaction (phishing or social engineering)Low complexity attackInformation disclosure (sensitive data exposure)Affects UPS/backup power management

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

MODULYS GP Net Vision: <= 7.20≤ 7.207.42

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGIsolate MODULYS GP behind a firewall; restrict network access to authorized engineering workstations only

HARDENINGImplement network segmentation to prevent untrusted devices from reaching the MODULYS GP

WORKAROUNDEducate operators and technicians on phishing and social engineering attacks; do not click links or open attachments from unsolicited email

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade MODULYS GP Net Vision to firmware version 7.42 or later

CVEs (1)

CVE-2023-0356

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/815b4b46-27b8-4eee-85b2-cb5bdf7279d8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.