CVE-2019-15859

Опубликовано: 09 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

Ссылки

http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Oct/10
Mailing List
Third Party Advisory
https://www.socomec.com/single-circuit-multifunction-meters_en.html
Product
http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Oct/10
Mailing List
Third Party Advisory
https://www.socomec.com/single-circuit-multifunction-meters_en.html
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*

Версия до 48250501 (исключая)

cpe:2.3:h:socomec:diris_a-40:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.7572

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-225x-9cvr-5hc2