CVE-2024-48894 is a vulnerability identified in the Socomec DIRIS Digiware M-70 energy monitoring device, specifically in its WEBVIEW-M functionality in version 1.6.9. The issue arises from the device transmitting sensitive information in cleartext over HTTP, which can be intercepted by an attacker with network access. A specially crafted HTTP request can trigger the device to disclose sensitive data, potentially including configuration details, operational metrics, or authentication tokens. The vulnerability is categorized under CWE-319, indicating cleartext transmission of sensitive information. The CVSS v3.1 score is 5.9 (medium severity) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, meaning the attack is network-based, requires high complexity, no privileges or user interaction, and impacts confidentiality only. No patches or exploits are currently known, but the risk remains for attackers capable of sniffing network traffic, such as those with access to local or compromised networks. This vulnerability highlights a common weakness in industrial IoT devices where secure communication protocols are not enforced, exposing sensitive operational data to interception and potential misuse.

For European organizations, particularly those in energy, manufacturing, and critical infrastructure sectors, this vulnerability poses a risk of sensitive data exposure. The disclosure of operational or configuration information could aid attackers in reconnaissance or subsequent attacks on industrial control systems. Although the vulnerability does not allow direct system compromise or disruption, leaked information could facilitate targeted attacks or espionage. Organizations relying on Socomec DIRIS Digiware M-70 devices may face compliance issues with GDPR and other data protection regulations if sensitive data is exposed. The impact is heightened in environments where network segmentation is weak or where devices are accessible from less secure network segments. Confidentiality breaches could undermine trust in operational technology security and potentially lead to financial or reputational damage.

1. Immediately segment networks to isolate DIRIS Digiware M-70 devices from general IT and internet-facing networks, limiting exposure to trusted personnel only. 2. Deploy encrypted tunnels such as VPNs or IPsec to protect communications with the device, preventing sniffing of cleartext traffic. 3. Monitor network traffic for unusual HTTP requests or unexpected data flows involving the device. 4. Restrict physical and logical access to the device and its management interfaces. 5. Engage with Socomec support to inquire about firmware updates or patches addressing this vulnerability. 6. Implement strict access control lists (ACLs) on network devices to limit which hosts can communicate with the DIRIS Digiware M-70. 7. Conduct regular security assessments of industrial control systems to identify and remediate similar cleartext transmission issues. 8. Educate operational technology teams about the risks of unencrypted communications and the importance of secure protocols.