Socomec DIRIS A-40 devices versions before 48250501 allow a remote attacker to get full access to a device via the /password.jsn URI.

MD5 | baec89aa472335274e4cf2482d44a22d

[description]
Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
Socomec (https://www.socomec.com)

------------------------------------------

[Affected Product Code Base]
DIRIS A-40 https://www.socomec.com/single-circuit-multifunction-meters_en.html - all versions before ref 48250501

------------------------------------------

[Affected Component]
web interface

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
An attacker visiting http:///password.jsn can view the device's usernames and passwords in cleartext and use these to gain full administrative control over the device.
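For defenders who cannot patch immediately, one useful control is to review web-server or proxy logs for requests to the disclosed endpoint. The script below is an added example, not part of the advisory or of any Socomec software: it parses Common Log Format lines (a constructed sample is embedded), flags every request for /password.jsn, and rates a hit as high severity when the client address lies outside an assumed set of trusted management networks (10.0.0.0/8 and 192.168.0.0/16 are assumptions for the example).

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Endpoint named in the advisory. On affected firmware a successful request
# for it returns the device's usernames and passwords in cleartext.
CREDENTIAL_ENDPOINT = "/password.jsn"

# Common Log Format: client ident authuser [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Assumed trusted management networks (example assumption, adjust per site).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample log lines for the example; they are not real traffic.
SAMPLE_LOG = """\
10.1.2.3 - - [10/Sep/2019:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 1432
198.51.100.7 - - [10/Sep/2019:08:00:05 +0000] "GET /password.jsn HTTP/1.1" 200 312
10.1.2.9 - - [10/Sep/2019:08:00:09 +0000] "GET /password.jsn?x=1 HTTP/1.1" 200 312
203.0.113.4 - - [10/Sep/2019:08:00:12 +0000] "GET /status.jsn HTTP/1.1" 200 88
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one Common Log Format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(client: str) -> bool:
    """True when the client address falls inside one of the assumed trusted networks."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostnames or malformed fields are treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_credential_requests(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per request for the credential endpoint.

    'served' records whether the device answered 200 (credentials likely exposed);
    'severity' is 'high' for clients outside the trusted networks, else 'medium'.
    """
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        # Strip any query string so "/password.jsn?x=1" still matches.
        path = rec["path"].split("?", 1)[0]
        if path.lower() != CREDENTIAL_ENDPOINT:
            continue
        findings.append({
            "client": rec["client"],
            "ts": rec["ts"],
            "served": rec["status"] == "200",
            "severity": "medium" if is_trusted(rec["client"]) else "high",
        })
    return findings


if __name__ == "__main__":
    for f in find_credential_requests(SAMPLE_LOG):
        print(f"{f['severity'].upper():6} {f['ts']} {f['client']} served={f['served']}")
```

Any served request for this endpoint from an untrusted address should be treated as a credential compromise of the meter: rotate the device's accounts after updating to firmware 48250501 or later, and keep the web interface reachable only from the management network in the meantime.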

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Jens Timmerman (Mazars)

------------------------------------------

[Reference]
https://www.socomec.com/single-circuit-multifunction-meters_en.html

CVE-2019-15859
