Socomec · Socomec Diris A-40 · CVE-2019-15859
**Name of the Vulnerable Software and Affected Versions**
Socomec DIRIS A-40 devices version prior to 48250501
**Description**
The issue allows a remote attacker to gain full access to a device through the web interface. This is achieved by accessing the "/password.jsn" URI, which discloses passwords.
**Recommendations**
For Socomec DIRIS A-40 devices version prior to 48250501, update to version 48250501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/password.jsn" URI to minimize the risk of exploitation.