26 matches found
Socomec socomec DIRIS A-40 访问控制错误漏洞
Socomec DIRIS A-40 is an electrical device designed by the French company Socomec for power metering and monitoring. The Socomec DIRIS A-40 has a vulnerability related to access control, which stems from insufficient authentication in the Web API implementation. This vulnerability could allow...
CVE-2026-2491 Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30455)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
CVE-2025-54851
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...
CVE-2025-55221
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.This...
CVE-2024-48894
A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2025-54851
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...
CVE-2024-53684
A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability...
CVE-2024-48894
A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2024-49572
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an...
CVE-2024-48894
A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2024-53684
A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability...
CVE-2024-48894
A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2024-48894
CVE-2024-48894 affects Socomec DIRIS Digiware M-70 gateway (version 1.6.9). Talos reports a cleartext transmission in the WEBVIEW-M webserver, allowing an attacker on the same network to sniff traffic and potentially disclose credentials or configuration data due to lack of encryption. The issue ...
CVE-2024-49572
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an...
CVE-2024-49572
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an...
CVE-2025-26858
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability...
CVE-2025-54851
The CVE-2025-54851 issue affects Socomec DIRIS Digiware M-70 v1.6.9, where unauthenticated Modbus TCP/RTU over TCP requests can trigger a denial-of-service. Talos details show an attacker can send a single Modbus TCP message to port 503 using Write Single Register (code 6) to set register 4352 to...
CVE-2025-54849
CVE-2025-54849 affects Socomec DIRIS Digiware M-70 gateway (firmware 1.6.9). A DoS exists in Modbus TCP and Modbus RTU over TCP due to unauthenticated access that can be triggered by a crafted Modbus TCP Write Single Register (code 6) message to port 502, writing value 1 to register 4352, which c...
CVE-2025-54851
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...