Socomec DIRIS Digiware M-70 Cleartext Transmission Vulnerability in WEBVIEW-M
Vulnerability
A cleartext transmission vulnerability has been identified in the WEBVIEW-M functionality of the Socomec DIRIS Digiware M-70 version 1.6.9. Sensitive information is disclosed through unencrypted HTTP requests. An attacker who can intercept network traffic can exploit this issue, potentially hijacking authenticated sessions or capturing valid credentials for accessing the device.
Impact
Exploitation of this vulnerability could result in the interception of sensitive information such as credentials and session cookies, which could be used to hijack authenticated sessions or gain unauthorized access to the device.
Remediation
Users are advised to enable HTTPS communication for the WEBVIEW-M webserver. The Socomec DIRIS Digiware M-70 user documentation explains how to configure secure communication and activate HTTPS during the installation phase.
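One way to confirm the remediation took effect is to audit recorded HTTP exchanges with the web interface for the exposures described above. This is an added example, not Socomec's code or part of the original advisory; the host name, paths, form field and cookie name in the sample exchanges are constructed placeholders, not values taken from the device.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample exchanges (placeholders, not captured from a real device).
SAMPLES = [
    {"url": "http://diris.example/login", "status": 200,
     "request_headers": {"content-type": "application/x-www-form-urlencoded"},
     "request_body": "user=admin&password=example",
     "response_headers": {"set-cookie": ["session=constructed123; Path=/; HttpOnly"]}},
    {"url": "http://diris.example/", "status": 301,
     "request_headers": {},
     "response_headers": {"location": "https://diris.example/"}},
    {"url": "https://diris.example/login", "status": 200,
     "request_headers": {"content-type": "application/x-www-form-urlencoded"},
     "request_body": "user=admin&password=example",
     "response_headers": {"set-cookie": ["session=constructed456; Path=/; Secure; HttpOnly"]}},
]

def audit_exchange(ex):
    """Return a sorted list of finding codes for one request/response pair."""
    findings = set()
    cleartext = urlsplit(ex["url"]).scheme == "http"
    req = ex.get("request_headers", {})
    resp = ex.get("response_headers", {})

    # A plain-HTTP listener is acceptable only if it just redirects to HTTPS.
    redirect_to_https = (ex["status"] in (301, 302, 307, 308)
                         and resp.get("location", "").startswith("https://"))
    if cleartext and not redirect_to_https:
        findings.add("served-over-http")

    # Credentials or session tokens sent by the client without TLS.
    form = parse_qs(ex.get("request_body", ""))
    has_secret = ("authorization" in req or "cookie" in req
                  or any("pass" in key.lower() for key in form))
    if cleartext and has_secret:
        findings.add("secret-sent-in-cleartext")

    # A cookie without Secure is also sent by browsers over plain HTTP,
    # so it stays exposed even once HTTPS is enabled.
    for raw in resp.get("set-cookie", []):
        jar = SimpleCookie()
        jar.load(raw)
        if any(not morsel["secure"] for morsel in jar.values()):
            findings.add("cookie-missing-secure")
    return sorted(findings)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["url"], audit_exchange(sample))
```

After HTTPS is enabled, every exchange should return an empty list; any remaining finding means part of the interface is still reachable or usable in cleartext.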
