CVE-2025-54849
BaseFortify

Publication date: 2025-12-01

Last updated on: 2025-12-08

Assigner: Talos

Description
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.
Meta Information

Published: 2025-12-01
Last Modified: 2025-12-08
Generated: 2026-06-16
AI Q&A: 2025-12-01
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
socomec | diris_digiware_m-70_firmware | 1.6.9
socomec | diris_digiware_m-70 | *
CWE ID | Description
CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

This vulnerability is a denial of service issue in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send a specially crafted, unauthenticated Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This changes the Modbus address to 15 and causes the device to enter a denial-of-service state, making it unavailable for normal operation.

Impact Analysis

This vulnerability can impact you by causing a denial-of-service condition on the affected device, rendering it unavailable or non-functional. Since the device stops responding properly after the attack, it can disrupt operations that rely on the Modbus communication, potentially leading to downtime or loss of monitoring and control capabilities.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for Modbus TCP messages sent to port 502 that use the Write Single Register function code (6) to write the value 1 to register 4352. Network analysis tools such as Wireshark or tcpdump can capture and filter such packets. For example, capture the traffic with tcpdump -i <interface> 'tcp port 502', then inspect the capture for Modbus function code 6 writing the value 1 to register 4352.
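
The inspection step described above, as an added example that is not part of the original advisory: it parses the Modbus TCP (MBAP) framing of a TCP payload captured on port 502 and reports Write Single Register (6) messages that write 1 to register 4352. The function names and sample payloads are constructed for illustration, and extracting TCP payloads from the capture is assumed to be done by the caller.

```python
import struct

# Values taken from the advisory text.
FC_WRITE_SINGLE_REGISTER = 6
WATCHED_REGISTER = 4352  # 0x1100
WATCHED_VALUE = 1


def iter_adus(payload: bytes):
    """Yield (unit_id, pdu) for each Modbus TCP ADU in one TCP payload.

    MBAP header: transaction id (2), protocol id (2), length (2), unit id (1).
    The length field counts the unit id plus the PDU. Parsing stops at the
    first truncated or non-Modbus header instead of raising.
    """
    offset = 0
    while len(payload) - offset >= 8:  # 7-byte MBAP + at least a function code
        _tid, proto, length = struct.unpack_from(">HHH", payload, offset)
        end = offset + 6 + length
        if proto != 0 or length < 2 or end > len(payload):
            return
        yield payload[offset + 6], payload[offset + 7:end]
        offset = end


def find_matching_writes(payload: bytes):
    """Return [(unit_id, register, value)] for writes matching the advisory."""
    hits = []
    for unit_id, pdu in iter_adus(payload):
        # A Write Single Register PDU is exactly: function code, address, value.
        if len(pdu) != 5 or pdu[0] != FC_WRITE_SINGLE_REGISTER:
            continue
        register, value = struct.unpack(">HH", pdu[1:5])
        if register == WATCHED_REGISTER and value == WATCHED_VALUE:
            hits.append((unit_id, register, value))
    return hits


# Constructed sample payloads (not captured traffic).
SAMPLE_MATCH = bytes.fromhex("000100000006010611000001")        # FC 6, reg 4352, value 1
SAMPLE_OTHER_WRITE = bytes.fromhex("000200000006010600100001")  # FC 6, reg 16, value 1
SAMPLE_READ = bytes.fromhex("000300000006010311000001")         # FC 3 read of reg 4352
SAMPLE_PIPELINED = SAMPLE_READ + SAMPLE_MATCH                   # two ADUs, one segment
SAMPLE_TRUNCATED = SAMPLE_MATCH[:9]                             # cut mid-PDU

if __name__ == "__main__":
    for name in ("MATCH", "OTHER_WRITE", "READ", "PIPELINED", "TRUNCATED"):
        print(name, find_matching_writes(globals()["SAMPLE_" + name]))
```

A normal Write Single Register response echoes the request, so a match seen in traffic from the device is the echo of a request that already reached it.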

Mitigation Strategies

Immediate mitigation steps include restricting access to port 502 on the affected devices to trusted hosts only, implementing network segmentation to isolate the device, and monitoring for suspicious Modbus TCP traffic. Additionally, applying any available patches or updates from the vendor when released is recommended.
