CVE-2024-48894

5.9 MEDIUM

📋 TL;DR

This CVE describes a cleartext transmission vulnerability in Socomec DIRIS Digiware M-70's WEBVIEW-M functionality, allowing attackers to intercept unencrypted HTTP traffic and potentially disclose sensitive information. It affects users of Socomec DIRIS Digiware M-70 version 1.6.9, particularly those with network exposure.

💻 Affected Systems

Products:
  • Socomec DIRIS Digiware M-70
Versions: 1.6.9
Operating Systems: Embedded or proprietary OS on the device
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the WEBVIEW-M functionality; default configurations likely expose HTTP traffic without encryption.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept sensitive data like credentials or configuration details, leading to unauthorized access, data theft, or further network compromise.

🟠 Likely Case

Attackers sniffing network traffic could capture unencrypted sensitive information, such as login credentials or device data, enabling reconnaissance or credential misuse.

🟢 If Mitigated

With proper network segmentation and encryption controls, the risk is reduced to minimal, limiting exposure to internal threats only.

🌐 Internet-Facing: HIGH. Cleartext traffic to an internet-facing device can be intercepted by a remote attacker on the traffic path, with no prior access to the internal network.
🏢 Internal Only: MEDIUM. Internal attackers or malware could exploit it if they have network access, but this requires a presence on the local network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves sniffing network traffic, which is straightforward with tools like Wireshark, but no public proof-of-concept is confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-48894---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-22-18_English_0.pdf

Restart Required: Yes

Instructions:

1. Review the vendor advisory for patching details.
2. Download and apply the recommended firmware update from Socomec.
3. Restart the device to activate the patch.
4. Verify the fix by checking for encrypted traffic.

🔧 Temporary Workarounds

Enable HTTPS or Encryption

Configure the device to use HTTPS or other encryption methods for WEBVIEW-M traffic to prevent cleartext transmission.

Refer to device documentation for HTTPS configuration commands; no universal command available.

Network Segmentation

Isolate the device on a separate VLAN or network segment to limit exposure to potential sniffing attacks.

Configure network switches or firewalls to restrict access; e.g., on a Cisco switch: 'vlan 10', 'interface vlan 10', 'ip access-group restrict in' (where 'restrict' is the name of an access list you have defined).

🧯 If You Can't Patch

  • Implement network-level encryption (e.g., VPN or TLS tunneling) for all traffic to and from the device.
  • Monitor network traffic for unauthorized sniffing activities and restrict physical and logical access to the network.

🔍 How to Verify

Check if Vulnerable:

Use a network sniffer like Wireshark to capture HTTP traffic from the device; if sensitive data is transmitted in cleartext, it is vulnerable.

Check Version:

Check the device's web interface or CLI for firmware version; command varies by device (e.g., 'show version' in device console).

Verify Fix Applied:

After patching, use Wireshark to confirm that traffic is encrypted (e.g., HTTPS) and no cleartext sensitive data is visible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests or access logs showing cleartext data transmission
  • Failed encryption attempts or misconfigurations in device logs

Network Indicators:

  • Cleartext HTTP traffic containing sensitive strings (e.g., passwords, keys) in packet captures
  • Unexpected network sniffing tools detected on the segment

SIEM Query:

Example: 'source="device_logs" AND (event="HTTP" AND data="password")' or 'network_traffic protocol="HTTP" AND payload_contains="sensitive"'
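
The network indicator above (cleartext HTTP carrying sensitive strings), sketched as a Python check over reassembled TCP payloads. This is an added example, not part of the advisory or any Socomec tooling; the field-name list, the sample payloads and their paths are constructed assumptions, not WEBVIEW-M's actual endpoints.

```python
import base64
import re
from urllib.parse import parse_qsl

# Field names treated as sensitive (assumption; extend for your environment).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "key", "secret"}
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|PATCH|HEAD) (\S+) HTTP/1\.[01]$")


def find_cleartext_secrets(payload: bytes) -> list:
    """Return (kind, name) findings for one reassembled TCP payload; values are never returned."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return []  # TLS records and other non-HTTP data fall out here
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    findings = []
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:  # Basic auth is only base64: report the user name, drop the password
            user = base64.b64decode(auth[6:].strip(), validate=True).decode("latin-1").split(":", 1)[0]
        except ValueError:
            user = "<undecodable>"
        findings.append(("basic-auth", user))
    # Sensitive field names in the query string or a urlencoded body
    query = m.group(2).partition(b"?")[2]
    is_form = "x-www-form-urlencoded" in headers.get("content-type", "").lower()
    for source, raw in (("query", query), ("form", body if is_form else b"")):
        for field, _ in parse_qsl(raw.decode("latin-1"), keep_blank_values=True):
            if field.lower() in SENSITIVE:
                findings.append((source, field))
    return findings

# Constructed sample payloads (not captured from a real device; paths and values are made up).
SAMPLES = [
    b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=admin&password=example",
    b"GET /status?token=abc HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    b"Authorization: Basic " + base64.b64encode(b"operator:example") + b"\r\n\r\n",
    b"\x16\x03\x03\x00\x2f\x01\x00\x00\x2b",  # first bytes of a TLS record (constructed)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_cleartext_secrets(sample))
```

An empty result for every flow to the device after patching is the outcome the "Verify Fix Applied" step looks for; a non-empty result names the field or header that still travels in cleartext.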
