CVE-2024-45370

HIGH7.3

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2

Published Dec 1, 2025

Modified 1 months ago

Details

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

References

WEBhttps://talosintelligence.com/vulnerability_reports/TALOS-2024-2117 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-45370 WEBhttps://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf WEBhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2117

CVSS Analysis

CVSS v3.1

7.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

LowC:L

Integrity

HighI:H

Availability

NoneA:N

7.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

Weakness Type (CWE)

Other

CWE-302

Ecosystems

Timeline

PublishedDec 1, 2025

ModifiedDec 1, 2025