Socomec DIRIS A-40 Insufficiently Protected Credentials Vulnerability

Summary

Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

Credit:

The information has been provided by Vendor

The original article can be found at: http://seclists.org/fulldisclosure/2019/Oct/10

Details

Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

Vulnerable Systems:

Socomec DIRIS A-40 

CVE Information:

CVE-2019-15859

Disclosure Timeline:
Published Date: 10/09/2019