CVE-2024-45370

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

Weakness

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/10.html
• https://cwe.mitre.org/data/definitions/13.html
• https://cwe.mitre.org/data/definitions/21.html
• https://cwe.mitre.org/data/definitions/274.html
• https://cwe.mitre.org/data/definitions/31.html
• https://cwe.mitre.org/data/definitions/39.html
• https://cwe.mitre.org/data/definitions/45.html
• https://cwe.mitre.org/data/definitions/77.html

References

• https://talosintelligence.com/vulnerability_reports/TALOS-2024-2117
• https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2117