Vulnerability CVE-2019-15859


Published: 2019-10-09

Description:
Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

See advisories in our WLB2 database:
Topic: Socomec DIRIS A-40 Password Disclosure (Med.)
Author: Jens Timmerman
Date: 09.10.2019

Type: CWE-522 (Insufficiently Protected Credentials)

CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html
http://seclists.org/fulldisclosure/2019/Oct/10
https://www.socomec.com/single-circuit-multifunction-meters_en.html

Copyright 2019, cxsecurity.com

 
