What is CVE-2019-15859?

CVE-2019-15859 is a vulnerability in N/a. Published 2019-10-09.

Is CVE-2019-15859 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-15859

Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.

EPSS: 0.821 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
d4n-sec/d4n-sec.github.io

References

www.socomec.com/single-circuit-multifunction-meters_en.html (x_refsource_MISC)
20191008 Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-15859?: CVE-2019-15859 is a vulnerability in N/a. Published 2019-10-09.
Is CVE-2019-15859 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.