CVE-2026-2491: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS A-40
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993.
AI Analysis
Technical Summary
CVE-2026-2491 identifies a missing authentication vulnerability (CWE-306) in the Socomec DIRIS A-40 power monitoring device's HTTP API. The device's web interface listens on TCP port 80 and lacks proper authentication controls for critical functions, allowing any network-adjacent attacker to bypass authentication entirely. This flaw exists in version 1.8.1 of the firmware. Because authentication is not enforced, an attacker can remotely invoke sensitive API functions without credentials or user interaction. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as attackers may access or manipulate monitoring data or device settings. The CVSS 3.0 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) reflects that the attack requires network adjacency but no privileges or user interaction, with low attack complexity and partial impact on system security properties. No patches or exploits are currently publicly available, but the vulnerability is publicly disclosed and should be addressed promptly. The affected product is used primarily in industrial and infrastructure environments for power monitoring, making it a target for attackers seeking to disrupt or manipulate critical energy management systems.
Potential Impact
The vulnerability allows unauthorized network-adjacent attackers to bypass authentication and access critical functions on the DIRIS A-40 device. This can lead to unauthorized disclosure of sensitive power monitoring data (confidentiality impact), unauthorized modification of device configurations or data (integrity impact), and potential disruption or degradation of monitoring services (availability impact). While the impact is rated as medium, exploitation could facilitate further attacks on industrial control systems or energy infrastructure by providing attackers with footholds or intelligence. Organizations relying on these devices for energy management or operational monitoring could face operational disruptions, inaccurate data reporting, or exposure of sensitive infrastructure information. The lack of authentication increases the risk of insider threats or lateral movement within trusted networks. Although no known exploits exist in the wild, the vulnerability's ease of exploitation and critical function access make it a significant concern for industrial cybersecurity.
Mitigation Recommendations
1. Immediately restrict network access to the DIRIS A-40 devices, ensuring that only trusted management networks or VPNs can reach TCP port 80.
2. Implement network segmentation and firewall rules to isolate these devices from general enterprise and internet-facing networks.
3. Monitor network traffic to and from DIRIS A-40 devices for unusual or unauthorized API requests.
4. Engage with Socomec support or authorized vendors to obtain firmware updates or patches addressing this vulnerability as they become available.
5. If patches are not yet available, consider disabling or limiting HTTP API functionality or replacing the device with a more secure alternative.
6. Conduct regular security audits and vulnerability assessments on industrial control and monitoring devices.
7. Employ intrusion detection systems tailored for industrial protocols to detect exploitation attempts.
8. Educate operational technology (OT) personnel about this vulnerability and enforce strict access controls and authentication policies for device management.
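Steps 1 and 3 above amount to an allowlist plus monitoring: since the device's HTTP API on port 80 enforces no authentication itself, the network boundary has to do that job, and anything that reaches the API from outside the management network is by definition suspicious. The script below is an added example, not code from the advisory or from Socomec: it screens access-log lines for requests to the device's port 80 from sources outside a trusted subnet, and separately records state-changing calls even from trusted hosts so that configuration changes on an unauthenticated API leave an audit trail. The device address, the management subnet, the log format and the URL paths in the sample are all constructed placeholders; the advisory names only the port, not the API's endpoints.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed values (not from the advisory): a hypothetical DIRIS A-40 address and
# the management LAN that mitigation step 1 allows to reach TCP port 80.
DEVICE_IP = "10.20.30.40"
DEVICE_PORT = 80  # HTTP API port named in the advisory
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
STATE_CHANGING = {"POST", "PUT", "DELETE"}

# Constructed log format (not the device's own):
# "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines; the /api/... paths are placeholders, not real endpoints.
SAMPLE_LOG = """\
2026-03-14T09:00:01Z 10.20.0.15 -> 10.20.30.40:80 GET /api/measurements 200
2026-03-14T09:00:07Z 192.168.5.77 -> 10.20.30.40:80 GET /api/measurements 200
2026-03-14T09:00:09Z 192.168.5.77 -> 10.20.30.40:80 POST /api/config 200
2026-03-14T09:00:12Z 10.20.0.15 -> 10.20.30.40:80 POST /api/config 200
2026-03-14T09:00:20Z 10.20.0.15 -> 10.20.30.41:443 GET /index.html 200
this line is malformed and must be skipped
"""


@dataclass
class Finding:
    ts: str
    src: str
    method: str
    path: str
    reason: str  # "untrusted_source" or "state_change"


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(src):
    """True when src is a valid address inside one of the allowed management nets."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def scan(lines):
    """Flag API traffic to the device that the network allowlist should have blocked,
    and record configuration-changing calls from trusted hosts for later review."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not our format; a real deployment would count these
        if rec["dst"] != DEVICE_IP or int(rec["port"]) != DEVICE_PORT:
            continue  # only the unauthenticated HTTP API is in scope here
        if not is_trusted(rec["src"]):
            reason = "untrusted_source"
        elif rec["method"] in STATE_CHANGING:
            reason = "state_change"
        else:
            continue
        findings.append(Finding(rec["ts"], rec["src"], rec["method"], rec["path"], reason))
    return findings


def scan_text(text):
    return scan(text.splitlines())


if __name__ == "__main__":
    for f in scan_text(SAMPLE_LOG):
        print(f"{f.ts} {f.reason:16} {f.src} {f.method} {f.path}")
```

On the constructed sample this reports the two requests from 192.168.5.77 as coming from an untrusted source and the trusted host's POST as a state change; the GET from the management LAN and the request to a different host are ignored. Point `scan()` at a firewall or proxy log that records source, destination and port, and adjust `LOG_RE` to that log's fields; the allowlist check is the part that matters, and it should mirror exactly the rule set deployed under step 1 so that any hit means the boundary control has a gap.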
Affected Countries
France, Germany, United States, United Kingdom, Italy, Spain, Netherlands, Belgium, Switzerland, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2026-02-13T21:14:10.749Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 69b47ac82f860ef943b21725
Added to database: 3/13/2026, 8:59:52 PM
Last enriched: 3/13/2026, 9:16:10 PM
Last updated: 3/15/2026, 6:45:42 PM