CVE-2025-54848
BaseFortify
Publication date: 2025-12-01
Last updated on: 2025-12-08
Assigner: Talos
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| socomec | diris_digiware_m-70_firmware | 1.6.9 |
| socomec | diris_digiware_m-70 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial of service issue in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send a specially crafted sequence of unauthenticated Modbus TCP packets to port 502 using the Write Single Register function code (6). By sending messages to specific registers in a particular order, the attacker triggers a configuration change that causes the device to enter a denial-of-service state, making it unavailable for normal operation.
How can this vulnerability impact me?
This vulnerability can cause the affected device to become unavailable due to a denial-of-service condition. This means that critical monitoring or control functions relying on the Socomec DIRIS Digiware M-70 device could be disrupted, potentially impacting operational continuity and safety in environments where this device is used.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for Modbus TCP messages sent to port 502 that use the Write Single Register function code (6) in a specific sequence: first a message to register 58112 with value 1000, then to register 29440 with a new Modbus address value, and finally to register 57856 with value 161. Tools like tcpdump or Wireshark can be used to capture and analyze such packets. For example, a tcpdump command to capture Modbus TCP traffic on port 502 is: `tcpdump -i <interface> tcp port 502`. Then, analyze the captured packets for the described sequence.
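One way to automate the sequence check described above, as an added Python example (not code from this page, Talos or the vendor). It assumes Modbus TCP framing only (not RTU over TCP) and that unrelated writes may occur between the three steps; the function and class names, the sample events and the placeholder address value 42 are constructed for illustration.

```python
import struct

WRITE_SINGLE_REGISTER = 6
# Ordered writes named in the answer above: (register, required value; None = any value).
SEQUENCE = [(58112, 1000), (29440, None), (57856, 161)]

def parse_write(payload: bytes):
    """Decode a Modbus TCP ADU; return (register, value) for function 6, else None."""
    if len(payload) < 12:
        return None
    # MBAP header: transaction id, protocol id, length, unit id; then the function code.
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", payload[:8])
    if proto != 0 or length != 6 or func != WRITE_SINGLE_REGISTER:
        return None
    return struct.unpack(">HH", payload[8:12])

class SequenceDetector:
    """Tracks each client's progress through SEQUENCE; unrelated writes may interleave."""
    def __init__(self):
        self.progress = {}  # source address -> index of the next expected step

    def observe(self, src: str, register: int, value: int) -> bool:
        step = self.progress.get(src, 0)
        want_reg, want_val = SEQUENCE[step]
        if register == want_reg and want_val in (None, value):
            step += 1
        if step == len(SEQUENCE):
            self.progress.pop(src, None)
            return True  # full sequence seen from this client
        self.progress[src] = step
        return False

def scan(events):
    """Return the source of every completed sequence in (src, register, value) events."""
    detector = SequenceDetector()
    return [src for src, reg, val in events if detector.observe(src, reg, val)]

# Constructed sample: decoded function-6 writes; 42 is a placeholder address value.
SAMPLE_EVENTS = [
    ("192.0.2.10", 58112, 1000),
    ("192.0.2.20", 100, 5),        # unrelated write from another client
    ("192.0.2.10", 29440, 42),
    ("192.0.2.20", 57856, 161),    # final step alone: no alert
    ("192.0.2.10", 57856, 161),    # completes the sequence
]
# Constructed benign frame (register 1, value 3) to exercise the parser.
SAMPLE_FRAME = bytes.fromhex("000100000006010600010003")
if __name__ == "__main__":
    print(parse_write(SAMPLE_FRAME), scan(SAMPLE_EVENTS))
```

In use, each TCP payload captured on port 502 goes through `parse_write`, and every decoded write is passed to `observe` together with the packet's source address.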
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to port 502 to trusted hosts only, implementing network segmentation or firewall rules to block unauthorized Modbus TCP traffic, and monitoring for the specific attack sequence. Additionally, applying any available patches or updates from the vendor when released is recommended.