Talos Vulnerability Report

TALOS-2024-2115

Socomec DIRIS Digiware M-70 WEBVIEW-M cleartext transmission vulnerability

December 1, 2025

CVE Number

CVE-2024-48894

SUMMARY

A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Socomec DIRIS Digiware M-70 1.6.9

PRODUCT URLS

DIRIS Digiware M-70 - https://www.socomec.us/en-us/reference/48290222

CVSSv3 SCORE

5.9 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

DETAILS

The DIRIS Digiware M-50/M-70 gateway functions as the access point for industrial power monitoring systems, providing power supply and communication connection to devices in the electrical installation. It also includes a webserver, WEBVIEW-M, for the remote visualisation and analysis of measurements and consumption.

By default, network communication with the Socomec M70 webserver, known as WEBVIEW-M, does not use encryption. Sensitive information, including credentials, session cookies, and configuration data, is transmitted in cleartext between the browser and the WEBVIEW-M service. An attacker could use this plaintext information to hijack an authenticated session, or capture valid credentials and so gain access to the device.

Mitigation

Enable HTTPS communication for the WEBVIEW-M webserver.
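
One way to verify the mitigation after enabling HTTPS is to audit what the web interface still returns over plain HTTP. The following is an added example, not part of the Talos report or Socomec's code; the responses, the cookie name `session`, and the host `gateway.example` are constructed placeholders, and the redirect and `Secure`-cookie checks are general HTTP hygiene rather than documented WEBVIEW-M behaviour.

```python
# Added example. The responses below are constructed samples, not device captures.
CLEARTEXT_LOGIN = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "Set-Cookie: session=abc123; Path=/\r\n\r\n<html></html>")
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://gateway.example/\r\n\r\n"
TLS_OK = "HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n\r\n"

def parse_response(raw):
    """Split a raw HTTP response into (status_code, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = []
    for line in header_block.split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit(scheme, raw):
    """Return cleartext-exposure findings for one response fetched over `scheme`."""
    status, headers = parse_response(raw)
    cookies = [v for n, v in headers if n == "set-cookie"]
    location = next((v for n, v in headers if n == "location"), "")
    findings = []
    if scheme == "http":
        # A plain-HTTP listener is acceptable only if it just redirects to HTTPS.
        to_tls = status in (301, 302, 307, 308) and location.lower().startswith("https://")
        if not to_tls:
            findings.append("content served over cleartext HTTP")
        if cookies:
            findings.append("cookie set over cleartext HTTP")
    for cookie in cookies:
        # Without Secure, the browser will also send the cookie over http://.
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie %r lacks Secure attribute" % cookie.split("=", 1)[0].strip())
    return findings

if __name__ == "__main__":
    for scheme, raw in (("http", CLEARTEXT_LOGIN), ("http", REDIRECT), ("https", TLS_OK)):
        print(scheme, audit(scheme, raw) or "no findings")
```
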

VENDOR RESPONSE

Vendor advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-48894—Diris-Digiware-Webview-_VULNERABILITIES_2025-11-03-16-36-40_English.pdf

TIMELINE

2025-01-13 - Vendor Disclosure
2025-11-03 - Vendor Patch Release
2025-12-01 - Public Release

Credit

Discovered by Kelly Patterson of Cisco Talos.