CVE-2024-45370 is a high-severity authentication bypass vulnerability identified in Socomec Easy Config System version 2.6.1.0, specifically within its User profile management functionality. The root cause is an assumption in the software that certain data within the local database is immutable and trustworthy. An attacker with low-level local privileges can craft or modify a database record to exploit this assumption, effectively bypassing authentication mechanisms. This allows unauthorized access to the system, potentially enabling privilege escalation or unauthorized configuration changes. The vulnerability does not require user interaction and has a low attack complexity, but it does require local access with at least limited privileges. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N) indicates that the attack is local, requires low complexity, low privileges, no user interaction, and impacts confidentiality and integrity with a scope change. Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the critical nature of the affected system, which is used for configuring and managing power and energy systems. The lack of available patches at the time of publication necessitates immediate compensating controls to prevent exploitation.

For European organizations, the impact of CVE-2024-45370 can be substantial, especially for those in critical infrastructure sectors such as energy, manufacturing, and data centers where Socomec Easy Config System is deployed. Unauthorized access due to authentication bypass can lead to unauthorized configuration changes, data manipulation, or privilege escalation, potentially disrupting operational technology environments. Confidentiality is moderately impacted as attackers can gain access to sensitive configuration data, while integrity is highly impacted due to the possibility of unauthorized modifications. Availability is not directly affected, but indirect effects could arise from misconfigurations or sabotage. Given the local access requirement, insider threats or attackers who have gained initial footholds could exploit this vulnerability to deepen their access. The vulnerability could also facilitate lateral movement within networks, increasing the risk of broader compromise. European organizations must consider the regulatory implications of unauthorized access, including GDPR concerns if personal data is involved.

1. Restrict local access to systems running Socomec Easy Config System to trusted and authorized personnel only, enforcing strict access controls and monitoring. 2. Implement file integrity monitoring on the local database files to detect unauthorized modifications promptly. 3. Use endpoint detection and response (EDR) tools to monitor for suspicious local activity indicative of exploitation attempts. 4. Apply the principle of least privilege to all users and processes interacting with the system to minimize the risk of local privilege escalation. 5. Segregate network segments to limit lateral movement opportunities if an attacker gains local access. 6. Regularly back up configuration and database files to enable recovery in case of tampering. 7. Engage with Socomec for timely patch releases and apply updates as soon as they become available. 8. Conduct security awareness training emphasizing the risks of local access compromise and insider threats. 9. Review and harden system configurations to reduce attack surface and disable unnecessary services. 10. Consider deploying application whitelisting to prevent unauthorized modifications to critical files.