CVE-2024-45370: CWE-302: Authentication Bypass by Assumed-Immutable Data in Socomec Easy Config System
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.
AI Analysis
Technical Summary
CVE-2024-45370 is a high-severity authentication bypass (CVSS 3.1 base score 7.3, computed from the vector below) in Socomec Easy Config System version 2.6.1.0, located in its user profile management functionality. It is classed as CWE-302, Authentication Bypass by Assumed-Immutable Data: the application treats records in its local database as trustworthy authentication state, even though that database can be modified by a local user. According to the advisory, an attacker who can modify the local database can plant a specially crafted record and thereby obtain access the application should have denied. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N) breaks down as follows: local attack vector (the attacker needs a session or foothold on the host running the software), low attack complexity, low privileges required, no user interaction, changed scope (the assessor judged that the impact extends beyond the vulnerable component), low confidentiality impact, high integrity impact (forged credentials or privileges and the configuration changes they permit), and no availability impact. Exploitation therefore requires local access at no more than low privilege, which is a meaningful but not a strong barrier: an insider, or a remote attacker who has already obtained a user-level foothold by other means, meets it. No public exploits were known at the time this analysis was written. Easy Config System is used to configure and manage Socomec power and energy equipment, so unauthorized access to it reaches the configuration of the managed devices. No vendor patch was listed at the time of publication, which makes the interim mitigations below the main line of defense.
Potential Impact
For European organizations, particularly those in industrial, energy, and critical infrastructure sectors, this vulnerability could lead to unauthorized access to power management configurations, potentially disrupting operational integrity or enabling further attacks. Compromise of the Easy Config System could allow attackers to alter device configurations, leading to mismanagement of power systems or exposure of sensitive operational data. Given the reliance on Socomec products in European markets for energy management and industrial automation, exploitation could have cascading effects on operational continuity and safety. The confidentiality impact, while rated low, could still expose sensitive configuration data, and the high integrity impact could allow malicious changes that undermine system trustworthiness. The requirement for local access somewhat limits remote exploitation but does not eliminate risk from insider threats or attackers who gain initial footholds through other means.
Mitigation Recommendations
1. Restrict local access to hosts running Socomec Easy Config System to trusted personnel, and remove interactive logon rights that are not needed.
2. Implement file integrity monitoring on the local database files, with the baseline stored where a low-privileged user on the monitored host cannot alter it, so that unauthorized modifications are detected promptly and cannot be hidden by editing the baseline.
3. Employ application allowlisting and endpoint protection to prevent unauthorized modification of the database or execution of untrusted code, and, where the application's deployment permits it, set operating-system file permissions so that the database files are writable only by the account that legitimately needs to write them.
4. Regularly audit local user privileges and remove unnecessary access rights to minimize the attack surface.
5. Monitor logs and system behaviour for anomalies indicative of authentication bypass attempts, for example logins or privilege changes for accounts that were never provisioned through the application.
6. Coordinate with Socomec for timely receipt and application of official patches or updates addressing this vulnerability.
7. Segment the network so that hosts running Easy Config System are isolated from the broader enterprise network, limiting both lateral movement to them and the reach of a compromised host toward the managed equipment.
8. Educate staff about the risks of local privilege escalation and enforce strict physical and logical access controls.
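As an added illustration of the file integrity monitoring recommendation above (this is not Socomec code, and the page does not give the product's real database file names or locations), the following Python script hashes database-like files under a directory, stores the baseline as JSON, and reports modified, added and removed files on a later check. The directory, the file names, the record contents and the list of database suffixes are all constructed assumptions for the demonstration.

```python
"""Minimal file-integrity baseline and check (added example, not product code).
Paths, file names and suffixes below are placeholders, not Easy Config's real ones."""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed suffixes for "local database" files; adjust to what the product actually uses.
DB_SUFFIXES = (".db", ".sqlite", ".mdb", ".sdf")


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, suffixes=DB_SUFFIXES) -> dict:
    """Map each database-like file under root (relative path) to its hash and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            baseline[str(p.relative_to(root))] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    return baseline


def save_baseline(baseline: dict, path: Path) -> None:
    # Keep this file off the monitored host, or at least unwritable by normal users,
    # otherwise the same user who edits the database can edit the baseline too.
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def check_baseline(root: Path, baseline: dict) -> dict:
    """Compare the current state of root against a baseline."""
    current = build_baseline(root)
    modified = sorted(n for n in baseline
                      if n in current and current[n]["sha256"] != baseline[n]["sha256"])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: baseline two files, then tamper with one and add another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "app"
        root.mkdir()
        (root / "profiles.db").write_bytes(b"user=operator;role=viewer\n")
        (root / "settings.db").write_bytes(b"lang=en\n")
        baseline_file = Path(tmp) / "baseline.json"   # outside the monitored tree
        save_baseline(build_baseline(root), baseline_file)
        # Simulate the attack class in the advisory: a local user rewrites a profile
        # record that the application trusts as immutable authentication state.
        (root / "profiles.db").write_bytes(b"user=operator;role=admin\n")
        (root / "extra.db").write_bytes(b"")
        return check_baseline(root, load_baseline(baseline_file))


if __name__ == "__main__":
    print(demo())
```

A running application legitimately rewrites its own database, so a change report is a trigger for correlation rather than an alert on its own: pair it with operating-system object-access auditing to learn which process and account wrote the file, and regenerate the baseline after every authorized change.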
Affected Countries
France, Germany, Italy, Spain, United Kingdom, Netherlands, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2024-11-27T15:59:57.067Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692db924f910530b0eb071e2
Added to database: 12/1/2025, 3:49:56 PM
Last enriched: 12/8/2025, 5:04:25 PM
Last updated: 1/18/2026, 9:46:50 AM