Lucene search
Jens TimmermanPACKETSTORM:154764HistoryOct 08, 2019 - 12:00 a.m.
Socomec DIRIS A-40 Password Disclosure
2019-10-0800:00:00
Jens Timmerman
packetstormsecurity.com
155
0.124 Low
EPSS
Percentile
95.4%
`[description]
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the
/password.jsn URI.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Socomec (https://www.socomec.com)
------------------------------------------
[Affected Product Code Base]
DIRIS A-40 https://www.socomec.com/single-circuit-multifunction-meters_en.html - all versions before ref 48250501
------------------------------------------
[Affected Component]
web interface
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker visiting http://<device ip>/password.jsn can view the
devices usernames and passwords in cleartext and use these to get full
administrative control over the device.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Jens Timmerman (Mazars)
------------------------------------------
[Reference]
https://www.socomec.com/single-circuit-multifunction-meters_en.html
CVE-2019-15859
`
Related
cvelist
cvelist
CVE-2019-15859
2019-10-09 15:04:24
prion
prion
Cross site scripting
2019-10-09 16:15:00
nvd
nvd
CVE-2019-15859
2019-10-09 16:15:14
cve
cve
CVE-2019-15859
2019-10-09 16:15:14
nuclei
nuclei
Socomec DIRIS A-40 Devices Password Disclosure
2021-04-23 13:38:16