CVE-2024-45370
📋 TL;DR
An authentication bypass vulnerability in Socomec Easy Config System 2.6.1.0 allows attackers to gain unauthorized access by modifying local database records. This affects users of the Easy Config System software for managing Socomec power monitoring devices. Attackers with local access to the system can exploit this to bypass authentication mechanisms.
💻 Affected Systems
- Socomec Easy Config System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to reconfigure power monitoring devices, potentially causing operational disruption or safety issues in critical infrastructure.
Likely Case
Unauthorized access to configuration settings, allowing attackers to modify device parameters, disable monitoring, or exfiltrate sensitive operational data.
If Mitigated
Limited impact if proper network segmentation and access controls prevent local database access.
🎯 Exploit Status
Exploitation requires local system access to modify database files. No authentication needed once local access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.1.1 or later
Vendor Advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf
Restart Required: Yes
Instructions:
1. Download updated version from Socomec support portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart system. 5. Verify version is 2.6.1.1 or later.
🔧 Temporary Workarounds
Restrict Local Database Access
windowsImplement strict file permissions and access controls on the Easy Config System database files to prevent unauthorized modifications.
icacls "C:\Program Files\Socomec\Easy Config System\database\*" /deny Users:(F)
icacls "C:\Program Files\Socomec\Easy Config System\database\*" /grant Administrators:(F)
Network Segmentation
allIsolate systems running Easy Config System from general network access to limit potential attack surface.
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access to systems running Easy Config System.
- Monitor database file integrity and access logs for unauthorized modification attempts.
🔍 How to Verify
Check if Vulnerable:
Check software version in Help > About menu. If version is exactly 2.6.1.0, system is vulnerable.Check Version:
Check Help > About in Easy Config System GUI or examine installed programs in Windows Control Panel.Verify Fix Applied:
Verify version is 2.6.1.1 or later in Help > About menu. Test authentication functionality works correctly.📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to database files
- Authentication bypass events in application logs
- Unexpected configuration changes
Network Indicators:
- Unusual configuration changes to connected Socomec devices
- Unexpected network traffic from Easy Config System
SIEM Query:
source="windows" AND (event_id=4663 OR event_id=4656) AND object_name="*Easy Config System*database*" AND access_mask=0x100