PT-2019-14439 · Socomec · Socomec Diris A-40

Jens Timmerman

Published

2019-10-09

Updated

2020-08-24

CVE-2019-15859

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Socomec DIRIS A-40 devices version prior to 48250501

Description The issue allows a remote attacker to gain full access to a device through the web interface. This is achieved by accessing the "/password.jsn" URI, which discloses passwords.

Recommendations For Socomec DIRIS A-40 devices version prior to 48250501, update to version 48250501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/password.jsn" URI to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-15859

Affected Products

Socomec Diris A-40

PT-2019-14439 · Socomec · Socomec Diris A-40

CVE-2019-15859

Weakness Enumeration

Related Identifiers

Affected Products

References · 5