CVE-2024-45370

Summary

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
SocomecEasy Config System2.6.1.0affected

Weaknesses

  • CWE-302: CWE-302: Authentication Bypass by Assumed-Immutable Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References