CVE-2024-45370
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Socomec Easy Config System 2.6.1.0
Easy Config System - https://www.socomec.us/en-us/easy-config-system-software
7.3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
CWE-302 - Authentication Bypass by Assumed-Immutable Data
The Easy Config System configuration software allows users to configure your Socomec measuring and load-breaking equipment while viewing all the electrical quantities in real-time. It provides features such as auto-detection of connected products and simultaneous configuration of multiple devices. Access to Easy Config System can be done locally by connecting to the products via a USB cable or remotely via the Ethernet network allowing configuration without having to be on site.
The Easy Config System software contains two documented user profiles User and Admin and a third undocumented one called Socomec. The application restricts configuration items available based on the user profile that is currently logged into the application. The application relies on a local sqlite database when presenting a user with the login prompt for the application. This database contains password hashes for each of the user profiles and a field that indicates whether that user is required to enter a password called passwordActive. An attacker with system access could modify the database file to disable the requirement to enter a password for any of the user accounts by setting the passwordActive field to 0. When this field is 0, the application will not prompt that user for their password before access is granted to the selected user. This would allow the attacker to select the user profile that they wish to access and simply press the login button allowing them access all to all configuration items of connected devices without providing a password to the application.
Vendor advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370—ECS-2610—CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf
2025-01-13 - Vendor Disclosure
2025-11-19 - Vendor Patch Release
2025-12-01 - Public Release
Discovered by Kelly Patterson of Cisco Talos.