CVE-2026-2491 - Vulnerability Details

- Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

Description

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993.

Published: 2026-03-13

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Socomec DIRIS A-40 power monitoring devices expose a web API on TCP port 80 that does not enforce authentication. Consequently, an attacker on the local network can send API requests and perform any operations the API allows without credentials. This constitutes an authentication bypass weakness identified as CWE-306.

Affected Systems

The affected product is Socomec DIRIS A-40. No specific firmware or revision information is provided, so all installations of this device should be considered potentially vulnerable. (Known affected version data is missing.)

Risk and Exploitability

The vulnerability has a CVSS base score of 6.3, indicating moderate severity, and an EPSS score of less than 1%, suggesting a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. The attack vector is local network (network‑adjacent) and requires only access to the device’s default HTTP service; no authentication or additional credentials are needed. These characteristics mean the flaw can be easily leveraged by any attacker who can reach the device over TCP port 80.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Socomec

DIRIS A-40

unknown

Version	Status	Constraints
`1.8.1`	affected	—

No data.

Vendor Product Confidence Versions

Socomec

Diris A-40

100%

Version	Status	Scheme	Platform
`1.8.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check whether a vendor firmware or software patch is available for the Socomec DIRIS A-40 and apply it if available.
Restrict external access to TCP port 80 on the device by configuring firewall or network ACL rules to allow only trusted IP addresses.
Monitor the device’s network traffic for repeated or unauthorized API requests and investigate any anomalies.
If a patch or access restriction is not available, consider isolating the device from the network or replacing it with a newer model that addresses the flaw.

Generated by OpenCVE AI on March 18, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://emea.socomec.com/en/resource-center/resource-type/cyber-vulnerabilities-601
https://www.zerodayinitiative.com/advisories/ZDI-26-129/

History

Mon, 16 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Socomec Socomec diris A-40
Vendors & Products		Socomec Socomec diris A-40

Fri, 13 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
Description		Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993.
Title		Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
Weaknesses		CWE-306
References		https://emea.socomec.com/en/resource-center/resource-type/cyber-vulnerabilities-601 https://www.zerodayinitiative.com/advisories/ZDI-26-129/
Metrics		cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

Subscriptions

Socomec Diris A-40

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2026-03-13T20:43:15.417Z

Updated: 2026-03-16T15:41:05.821Z

Reserved: 2026-02-13T21:14:10.749Z

Link: CVE-2026-2491

Vulnrichment

Updated: 2026-03-16T15:31:43.467Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T14:19:30.543

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-2491

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:39:35Z

Weaknesses

CWE-306

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object