{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2491", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-02-13T21:14:10.749Z", "datePublished": "2026-03-13T20:43:15.417Z", "dateUpdated": "2026-03-16T15:41:05.821Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:43:15.417Z"}, "title": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability", "descriptions": [{"lang": "en", "value": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993."}], "affected": [{"vendor": "Socomec", "product": "DIRIS A-40", "versions": [{"version": "1.8.1", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-129/", "name": "ZDI-26-129", "tags": ["x_research-advisory"]}, {"url": "https://emea.socomec.com/en/resource-center/resource-type/cyber-vulnerabilities-601", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-13T21:14:10.777Z", "datePublic": "2026-02-25T18:09:18.247Z", "source": {"lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T15:26:54.111400Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:41:05.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T15:26:54.111400Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T15:31:43.467Z"}}], "cna": {"title": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability", "source": {"lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "Socomec", "product": "DIRIS A-40", "versions": [{"status": "affected", "version": "1.8.1"}], "defaultStatus": "unknown"}], "datePublic": "2026-02-25T18:09:18.247Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-129/", "name": "ZDI-26-129", "tags": ["x_research-advisory"]}, {"url": "https://emea.socomec.com/en/resource-center/resource-type/cyber-vulnerabilities-601", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-02-13T21:14:10.777Z", "descriptions": [{"lang": "en", "value": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-03-13T20:43:15.417Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2491", "state": "PUBLISHED", "dateUpdated": "2026-03-16T15:41:05.821Z", "dateReserved": "2026-02-13T21:14:10.749Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-03-13T20:43:15.417Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993."}], "id": "CVE-2026-2491", "lastModified": "2026-03-16T14:53:07.390", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:30.543", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://emea.socomec.com/en/resource-center/resource-type/cyber-vulnerabilities-601"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-129/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.8.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DIRIS A-40", "source": "cna", "vendor": "Socomec"}, "product": "diris_a-40", "vendor": "socomec"}], "analysis": {"en": {"generated_at": "2026-03-18T15:06:20.747496+00:00", "value": {"mitigation_remediation": ["Check whether a vendor firmware or software patch is available for the Socomec DIRIS A-40 and apply it if available.", "Restrict external access to TCP port 80 on the device by configuring firewall or network ACL rules to allow only trusted IP addresses.", "Monitor the device\u2019s network traffic for repeated or unauthorized API requests and investigate any anomalies.", "If a patch or access restriction is not available, consider isolating the device from the network or replacing it with a newer model that addresses the flaw."], "summary": {"action": "Patch ASAP", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The affected product is Socomec DIRIS A-40. No specific firmware or revision information is provided, so all installations of this device should be considered potentially vulnerable. (Known affected version data is missing.)", "description_and_impact": "Socomec DIRIS A-40 power monitoring devices expose a web API on TCP port 80 that does not enforce authentication. Consequently, an attacker on the local network can send API requests and perform any operations the API allows without credentials. This constitutes an authentication bypass weakness identified as CWE-306.", "risk_and_exploitability": "The vulnerability has a CVSS base score of 6.3, indicating moderate severity, and an EPSS score of less than 1%, suggesting a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. The attack vector is local network (network\u2011adjacent) and requires only access to the device\u2019s default HTTP service; no authentication or additional credentials are needed. These characteristics mean the flaw can be easily leveraged by any attacker who can reach the device over TCP port 80."}}}}, "created": "2026-03-16T09:23:03.322026+00:00", "updated": "2026-03-23T13:39:35.493688+00:00", "vendors": ["socomec", "socomec$PRODUCT$diris_a-40"]}