CVE-2026-2491
Authentication Bypass in Socomec DIRIS A-40 HTTP API
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: Zero Day Initiative
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| socomec | diris_a-40 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2491 is an authentication bypass vulnerability in Socomec DIRIS A-40 power monitoring devices. The flaw exists in the device's HTTP web API, which listens on TCP port 80 by default. Because the API does not enforce authentication before granting access to certain functions, a network-adjacent attacker can exploit this vulnerability without needing any credentials.
This means an attacker connected to the same network can bypass authentication controls and gain unauthorized access to the device's API. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability allows an attacker to bypass authentication on the affected device, potentially leading to unauthorized access.
The CVSS score of 6.3 indicates a moderate severity, with impacts on confidentiality, integrity, and availability to a limited extent.
- Confidentiality impact: Limited exposure of sensitive information.
- Integrity impact: Potential unauthorized modification of device data or settings.
- Availability impact: Possible disruption or degradation of device functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the Socomec DIRIS A-40 power monitoring devices' HTTP API, which listens on TCP port 80 by default. Detection can be performed by scanning your network for devices with open TCP port 80 that identify as Socomec DIRIS A-40.
To detect the vulnerability, you can attempt to access the device's HTTP API endpoints without authentication and observe if access is granted.
- Use nmap to scan for devices with port 80 open: nmap -p 80 --open -sV <target-network>
- Use curl or wget to send HTTP requests to the device's API endpoints without authentication and check for responses indicating access: curl http://<device-ip>/api/endpoint
[1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the update released by Socomec that addresses and fixes this authentication bypass vulnerability.
Until the update can be applied, restrict network access to the affected devices, especially limiting access to TCP port 80 to trusted network segments or administrators only.
Consider placing the devices behind a firewall or VPN to prevent unauthorized network-adjacent attackers from reaching the vulnerable HTTP API.