SOCOMEC MODULYS GP (UPDATE A)
Monitor | 5.7 | ICS-CERT ICSA-23-024-02 | Jan 24, 2023
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
SOCOMEC MODULYS GP Net Vision firmware versions 7.20 and earlier contain an information disclosure vulnerability (CWE-261: Improper Authentication). An authenticated attacker on the local network can obtain sensitive information from the target system through a user interaction attack vector (e.g., malicious link or attachment). The vulnerability requires the user to click or open something, but once triggered, could expose configuration details, credentials, or other sensitive data stored on the UPS controller.
What this means
What could happen
An attacker with access to the device could extract sensitive configuration or authentication information from the MODULYS GP uninterruptible power supply (UPS) system, potentially enabling further attacks on the site's power infrastructure.
Who's at risk
Water authorities and municipal utilities operating uninterruptible power supply (UPS) systems using SOCOMEC MODULYS GP Net Vision for redundancy or backup power monitoring. Specifically affects UPS configuration and monitoring interfaces used by engineering and operations staff.
How it could be exploited
An attacker on the same network segment (requires adjacent network access, not internet) must trick a user into clicking a malicious link or opening a file that exploits the vulnerability. This suggests a phishing or social engineering attack targeting an operator or technician with access to the Net Vision interface. Once the vulnerable code is triggered, the attacker can read sensitive data stored on the device.
Prerequisites
- Attacker must be on the same network segment (local network or VPN) as the MODULYS GP device
- A user with access to the Net Vision interface must be socially engineered to click a link or open a file
- Vulnerable version 7.20 or earlier of Net Vision FW must be deployed
- User interaction required (victim must take action)
- Requires user interaction (phishing or social engineering)
- Low complexity attack
- Information disclosure (sensitive data exposure)
- Affects UPS/backup power management
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MODULYS GP Net Vision | ≤ 7.20 | 7.42
Remediation & Mitigation
Do now
HARDENING: Isolate MODULYS GP behind a firewall; restrict network access to authorized engineering workstations only
HARDENING: Implement network segmentation to prevent untrusted devices from reaching the MODULYS GP
WORKAROUND: Educate operators and technicians on phishing and social engineering attacks; do not click links or open attachments from unsolicited email
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade MODULYS GP Net Vision to firmware version 7.42 or later
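To find which units need the upgrade, the following added example (not part of the advisory or any vendor tooling) triages an asset inventory against the version bounds stated above. The hostnames, CSV columns and sample rows are constructed assumptions; versions between 7.20 and 7.42 are not classified by this page, so they are flagged for manual confirmation.

```python
import csv
import io

AFFECTED_MAX = (7, 20)  # page: Net Vision firmware 7.20 and earlier is affected
FIXED_MIN = (7, 42)     # page: fixed in firmware 7.42 or later

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,product,firmware
ups-pump-01,MODULYS GP Net Vision,7.20
ups-pump-02,MODULYS GP Net Vision,7.9
ups-plant-01,MODULYS GP Net Vision,7.42
ups-plant-02,MODULYS GP Net Vision,7.30
ups-plant-03,MODULYS GP Net Vision,unknown
"""

def parse_version(text):
    """Parse a dotted version into a tuple of ints; None if unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(firmware):
    """Map a firmware string to a triage status for this advisory."""
    version = parse_version(firmware)
    if version is None:
        return "unknown"        # cannot decide: check the device directly
    # Compare component-wise: 7.9 is older than 7.20, although a float or
    # string comparison would rank it above 7.42 and report it as fixed.
    if version <= AFFECTED_MAX:
        return "vulnerable"
    if version >= FIXED_MIN:
        return "fixed"
    return "unconfirmed"        # between 7.20 and 7.42: not stated on the page

def triage(inventory_csv):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["firmware"]) for row in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable`, `unknown` or `unconfirmed` are the ones to keep behind the firewall and segmentation controls listed above until their firmware is confirmed at 7.42 or later.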
CVEs (1)