CVE-2024-45370 Overview
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System version 2.6.1.0. This vulnerability, classified as CWE-302 (Authentication Bypass by Assumed-Immutable Data), allows attackers to gain unauthorized access by manipulating local database records. A specially crafted database record can bypass authentication controls, potentially leading to unauthorized system access with elevated privileges.
Critical Impact
This authentication bypass vulnerability allows local attackers with low privileges to modify database records and gain unauthorized access to Socomec Easy Config System, potentially leading to high integrity impact with the ability to cross security boundaries.
Affected Products
- Socomec Easy Config System 2.6.1.0
Discovery Timeline
- 2025-12-01 - CVE-2024-45370 published to NVD
- 2025-12-02 - Last updated in NVD database
Technical Details for CVE-2024-45370
Vulnerability Analysis
CVE-2024-45370 is an authentication bypass vulnerability with a CVSS 3.1 score of 7.3 (HIGH). The vulnerability resides in the User profile management functionality of Socomec Easy Config System. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N indicates:
- Attack Vector (Local): The attacker must have local access to the system
- Attack Complexity (Low): Exploitation does not require specialized conditions
- Privileges Required (Low): The attacker needs basic user privileges
- User Interaction (None): No user interaction is required for exploitation
- Scope (Changed): The vulnerability can affect resources beyond its security scope
- Confidentiality Impact (Low): Limited information disclosure possible
- Integrity Impact (High): Complete loss of integrity protection
- Availability Impact (None): No impact on system availability
The EPSS score of 0.025% with a percentile of 6.149 indicates a relatively low probability of exploitation in the wild, though the high integrity impact makes this vulnerability significant for affected organizations.
Root Cause
The root cause of this vulnerability lies in CWE-302: Authentication Bypass by Assumed-Immutable Data. The application incorrectly assumes that local database records containing user authentication data cannot be modified by an attacker. This design flaw fails to implement proper integrity verification of authentication-related database entries, allowing attackers with local access to tamper with user profile records and bypass authentication mechanisms.
Attack Vector
The attack vector requires local access to the system where Socomec Easy Config System is installed. An attacker with low-level privileges on the local system can identify and modify the database file containing user authentication records. By crafting malicious database entries, the attacker can manipulate the authentication logic to gain unauthorized access to the application with elevated privileges.
The vulnerability exploitation flow involves:
- Identifying the local database file used by Easy Config System for user profile management
- Analyzing the database structure to understand authentication record formats
- Modifying or inserting specially crafted records to bypass authentication checks
- Launching the application to gain unauthorized access with the manipulated credentials
For detailed technical analysis, refer to the Cisco Talos vulnerability report (TALOS-2024-2117) and the vendor security advisory.
Detection Methods for CVE-2024-45370
Indicators of Compromise
- Unexpected modifications to the Easy Config System local database files
- Unauthorized user accounts or privilege escalations within the application
- Unusual login activity from local accounts with elevated permissions
- Timestamp changes on database files without corresponding legitimate user actions
- Application log entries showing authentication from manipulated user profiles
Detection Strategies
Organizations should implement file integrity monitoring (FIM) on the Socomec Easy Config System installation directories, particularly focusing on database files used for user profile management. Monitor for:
- Database File Modifications: Track all changes to the local database files used by the application for authentication
- Privilege Escalation Events: Alert on users gaining elevated privileges within the Easy Config System
- Anomalous Access Patterns: Monitor for access patterns that don't align with normal user behavior
- Process Monitoring: Track processes accessing or modifying Easy Config System database files
SentinelOne Singularity platform can detect suspicious file modifications and unauthorized privilege escalation attempts through its behavioral AI engine, providing real-time alerting on potential exploitation attempts.
Monitoring Recommendations
Deploy comprehensive endpoint detection and response (EDR) solutions to monitor for suspicious local database modifications. Implement the following monitoring controls:
- Enable detailed audit logging for file system access on Easy Config System directories
- Configure alerts for database file modifications outside of normal application operations
- Monitor process execution chains that involve database manipulation tools
- Implement user behavior analytics to detect anomalous authentication patterns
- Regularly audit user accounts and privileges within the Easy Config System application
How to Mitigate CVE-2024-45370
Immediate Actions Required
- Review and update to the latest version of Socomec Easy Config System if a patched version is available
- Restrict local system access to only authorized administrators
- Implement file integrity monitoring on Easy Config System database files
- Audit current user profiles and permissions within the application
- Apply principle of least privilege to all local system accounts
Patch Information
Socomec has published a security advisory addressing CVE-2024-45370. Organizations should consult the official vendor advisory at the Socomec website for specific patch information and remediation guidance. The vulnerability was identified by Cisco Talos and tracked as TALOS-2024-2117.
Vendor References:
- Socomec Security Advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf
- Cisco Talos Report: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2117
Workarounds
If immediate patching is not possible, implement the following compensating controls:
- Restrict Local Access: Limit local system access to essential personnel only and implement strong access controls
- File System Permissions: Configure restrictive file system permissions on Easy Config System directories and database files to prevent unauthorized modifications
- Database Encryption: If supported, enable encryption for local database files to prevent tampering
- Network Segmentation: Isolate systems running Easy Config System from general user networks
- Enhanced Monitoring: Deploy endpoint protection solutions with file integrity monitoring capabilities to detect unauthorized database modifications
# Example: Restrict file permissions on Windows (adjust path as needed)
# icacls "C:\Program Files\Socomec\Easy Config System\*.db" /inheritance:r /grant:r Administrators:F /grant:r SYSTEM:F
# Example: Enable auditing on database directory
# auditpol /set /subcategory:"File System" /success:enable /failure:enable
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
