Password Disclosure Vulnerability in Socomec DIRIS A-40 Devices
CVE-2019-15859

9.8CRITICAL

Key Information:

Vendor

Socomec

Status
Diris A-40 Firmware
Vendor
CVE Published:
9 October 2019

What is CVE-2019-15859?

A security flaw exists in the web interface of Socomec DIRIS A-40 devices prior to version 48250501, where sensitive password information can be disclosed. This vulnerability allows an unauthorized remote attacker to access the device by exploiting the /password.jsn URI, potentially leading to unauthorized control over the device's functionalities.

References

https://www.socomec.com/single-circuit-multifunction-mete...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Oct/10
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/154764/Socomec-DIRIS...
x_refsource_MISC

EPSS Score

82% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.