cbcvebase.
CVE-2019-15859
published 2019-10-09

CVE-2019-15859: Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the…

PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
34.11%
98.2th percentile
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

Affected

1 ranges
VendorProductVersion rangeFixed in
socomecdiris_a-40_firmware< 4825050148250501

Detection & IOCsextracted from sources · hover to see the quote

path/password.jsn
  • Send an unauthenticated HTTP GET request to /password.jsn; a vulnerable device responds with HTTP 200, Content-Type header containing 'text/json', and a body containing both 'username' and 'password' fields.
  • Response Content-Type header value 'text/json' is a distinguishing indicator of a vulnerable Socomec DIRIS A-40 device responding to the /password.jsn endpoint.
  • Response body containing both 'username' and 'password' strings from /password.jsn confirms successful password disclosure on the device.
  • ·Vulnerability affects Socomec DIRIS A-40 firmware versions before 48250501 only; patched devices will not expose credentials at this endpoint.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.