A high-severity authentication bypass vulnerability has been identified in multiple Config products. This flaw allows an unauthenticated attacker to gain unauthorized access to user profile management functions, potentially enabling them to create, modify, or delete user accounts, leading to a complete compromise of the system's user access controls.

The vulnerability exists within the User profile management functionality, specifically in the Socomec Easy Config System 2 product line. A flaw in the authentication mechanism allows an attacker to circumvent login controls and directly access administrative functions related to user accounts. An unauthenticated remote attacker can exploit this by sending a specially crafted request to the system, granting them the ability to manage user profiles without providing valid credentials.

This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation could have a significant business impact, including unauthorized access to sensitive system configurations and data. An attacker could create rogue administrator accounts, delete existing legitimate accounts causing a denial of service, or modify user permissions to escalate privileges, potentially leading to a full system compromise, data breach, and operational disruption.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected systems. After patching, administrators should review all user accounts for unauthorized changes or additions that may have occurred prior to the update.

Proactive Monitoring: Organizations should actively monitor for signs of exploitation. This includes reviewing application and web server access logs for unusual requests to user profile management pages, especially from untrusted IP addresses. Set up alerts for any user account creation, deletion, or permission modification events that occur outside of scheduled maintenance windows or normal administrative activity.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the system's management interface using firewalls, allowing connections only from a trusted administrative jump host or a secure network segment. If applicable, deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious requests targeting user management endpoints.

Public Exploit Available: false

Given the high severity (CVSS 7.3) of this authentication bypass vulnerability, we strongly recommend that organizations prioritize the immediate application of vendor-supplied patches. Although this CVE is not currently listed on the CISA KEV list, its critical nature warrants urgent attention. A successful exploit could grant an attacker complete control over user access, posing a direct and severe risk to the organization's security posture.