CVE-2025-54849
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-54849, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-01

Last updated on: 2025-12-08

Assigner: Talos

Description

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-01
Last Modified
2025-12-08
Generated
2026-07-06
AI Q&A
2025-12-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
socomec diris_digiware_m-70_firmware 1.6.9
socomec diris_digiware_m-70 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a denial of service issue in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send a specially crafted, unauthenticated Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This changes the Modbus address to 15 and causes the device to enter a denial-of-service state, making it unavailable for normal operation.

Impact Analysis

This vulnerability can impact you by causing a denial-of-service condition on the affected device, rendering it unavailable or non-functional. Since the device stops responding properly after the attack, it can disrupt operations that rely on the Modbus communication, potentially leading to downtime or loss of monitoring and control capabilities.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for Modbus TCP messages sent to port 502 that use the Write Single Register function code (6) targeting register 4352 with the value 1. Network analysis tools like Wireshark or tcpdump can be used to capture and filter such packets. For example, using tcpdump: tcpdump -i <interface> 'tcp port 502' and then inspecting for Modbus function code 6 writing value 1 to register 4352.

Mitigation Strategies

Immediate mitigation steps include restricting access to port 502 on the affected devices to trusted hosts only, implementing network segmentation to isolate the device, and monitoring for suspicious Modbus TCP traffic. Additionally, applying any available patches or updates from the vendor when released is recommended.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart