Socomec Easy Config System Authentication Bypass Vulnerability in User Profile Management

Vulnerability

An authentication bypass vulnerability has been identified in the user profile management feature of Socomec Easy Config System version 2.6.1.0. The application relies on a local SQLite database that stores the password hashes and, for each user profile, a field indicating whether a password is required. An attacker with system access can modify the database to disable the password requirement and then open the application without a password, which gives access to all configuration items of connected devices.

Impact

Exploitation of this vulnerability allows unauthorized access to the application, bypassing password requirements and granting access to all configuration items of connected devices.

Remediation

Socomec has released a patch for this vulnerability in version 3.1 of the Easy Config System. Users are advised to update to this version.
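For hosts that cannot move to version 3.1 immediately, the profile table can be compared against a sealed baseline so that a changed password-required field or hash is noticed. The following is an added example, not Socomec code: the table name, column names, sample rows and key are assumptions constructed for illustration, because the advisory does not give the schema.

```python
import hashlib
import hmac
import json
import sqlite3

# Assumed schema: the advisory does not name the table or columns.
TABLE = "user_profiles"

def make_sample_db(rows):
    """Build a constructed in-memory database standing in for the local file."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (name TEXT PRIMARY KEY, "
                 "password_hash TEXT, password_required INTEGER)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?)", rows)
    return conn

def snapshot(conn):
    """Map each profile name to [password_hash, password_required]."""
    cur = conn.execute(f"SELECT name, password_hash, password_required FROM {TABLE}")
    return {name: [pw_hash, int(req)] for name, pw_hash, req in cur}

def seal(snap, key):
    """HMAC-SHA256 over the canonical snapshot; keep key and tag off the host."""
    data = json.dumps(snap, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def audit(baseline, tag, current, key):
    """Compare the current profile table with a sealed baseline."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        return ["baseline failed its integrity check"]
    findings = []
    for name in sorted(baseline.keys() | current.keys()):
        if name not in current:
            findings.append(f"{name}: profile removed")
        elif name not in baseline:
            findings.append(f"{name}: profile added")
        else:
            (old_hash, old_req), (new_hash, new_req) = baseline[name], current[name]
            if old_req != new_req:
                findings.append(f"{name}: password_required {old_req} -> {new_req}")
            if old_hash != new_hash:
                findings.append(f"{name}: password hash changed")
    return findings

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value for the demo only
    base = snapshot(make_sample_db([("admin", "hashA", 1), ("viewer", "hashB", 1)]))
    now = snapshot(make_sample_db([("admin", "hashA", 0), ("viewer", "hashB", 1)]))
    print(audit(base, seal(base, key), now, key))
```

Profile changes made through the application also appear as findings, so the baseline is re-sealed after each authorized change.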

Added: Dec 1, 2025, 4:38 PM
Updated: Dec 1, 2025, 5:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.