Cleartext Transmission Vulnerability in Socomec DIRIS Digiware M-70
CVE-2024-48894

5.9MEDIUM

Key Information:

Vendor: Socomec
Status: Diris Digiware M-70
Vendor: CVE Published:; 1 December 2025

What is CVE-2024-48894?

A vulnerability in the WEBVIEW-M functionality of the Socomec DIRIS Digiware M-70 version 1.6.9 allows for cleartext data transmission, which may expose sensitive information. An attacker with access to network traffic can exploit this vulnerability through specially crafted HTTP requests, leading to the potential disclosure of confidential data. Organizations using this device should take immediate precautions to mitigate risks and ensure data security.

Affected Version(s)

DIRIS Digiware M-70 1.6.9

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.socomec.fr/sites/default/files/2025-04/CVE-20...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Nov 27, 2024

Credit

Discovered by Kelly Patterson of Cisco Talos.

JSON