Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501

["TIMMERMAN, Jens" <jens.timmerman () mazars be>]

[description]
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get 
full access to a device via the
/password.jsn URI.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
Socomec (https://www.socomec.com)

------------------------------------------

[Affected Product Code Base]
DIRIS A-40 https://www.socomec.com/single-circuit-multifunction-meters_en.html - all versions before ref 48250501

------------------------------------------

[Affected Component]
web interface

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
An attacker visiting http://<device ip>/password.jsn can view the
devices usernames and passwords in cleartext and use these to get full
administrative control over the device.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Jens Timmerman (Mazars)

------------------------------------------

[Reference]
https://www.socomec.com/single-circuit-multifunction-meters_en.html

CVE-2019-15859

Attachment: 0xAD760CC853549596.asc
Description:

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/