Authentication Bypass by Assumed-Immutable Data in Socomec Easy Config System
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-45370 |
| CWE-ID | CWE-302 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Easy Config System Other software / Other software solutions |
| Vendor | Socomec |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Authentication Bypass by Assumed-Immutable Data
EUVDB-ID: #VU119086
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45370
CWE-ID:
CWE-302 - Authentication Bypass by Assumed-Immutable Data
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to authentication bypass by assumed-immutable data in the User profile management functionality. A local user can use a specially crafted database record to gain unauthorized access on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEasy Config System: 2.6.1.0
CPE2.3 External linkshttps://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2117
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
