CVE-2025-54851
BaseFortify

Publication date: 2025-12-01

Last updated on: 2025-12-05

Assigner: Talos

Description
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.
Meta Information
Published: 2025-12-01
Last Modified: 2025-12-05
Generated: 2026-05-07
AI Q&A: 2025-12-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
socomec diris_m-70_firmware 1.6.9
socomec diris_m-70 *
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a denial of service issue in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send a specially crafted, unauthenticated Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This causes the device's Modbus address to change to 15, which puts the device into a denial-of-service state, making it unresponsive to legitimate requests.


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial-of-service condition on the affected device, Socomec DIRIS Digiware M-70 1.6.9. An attacker can disrupt the normal operation of the device by sending a single crafted Modbus TCP message, rendering the device unresponsive and potentially interrupting any services or processes that rely on it.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for Modbus TCP messages sent to port 503 that use the Write Single Register function code (6) targeting register 4352 with the value 1. A tool such as tcpdump or Wireshark can filter for Modbus TCP packets on port 503 so that they can be inspected for this specific write operation. For example, capture the traffic with tcpdump -i <interface> tcp port 503 and then analyze the packets for function code 6 writing value 1 to register 4352.
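
The check described above, as an added example that is not part of the original page or any vendor tooling: a Python function that parses the Modbus TCP (MBAP) framing of a TCP payload and flags the write named in the description. The function names and sample payloads are constructed for illustration; it assumes the payload bytes were already extracted from a capture and covers Modbus TCP framing only, not Modbus RTU over TCP.

```python
import struct

# Values taken from the advisory text above.
MODBUS_PORT = 503
FC_WRITE_SINGLE_REGISTER = 6
TARGET_REGISTER = 4352  # 0x1100
TARGET_VALUE = 1


def parse_modbus_tcp(payload: bytes):
    """Yield (unit_id, function_code, data) for each Modbus TCP ADU in a payload."""
    offset = 0
    while offset + 8 <= len(payload):
        # MBAP header: transaction id, protocol id, length, unit id (big-endian).
        _tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
        if proto != 0 or length < 2 or offset + 6 + length > len(payload):
            return  # not Modbus TCP, or a truncated frame: stop parsing
        func = payload[offset + 7]
        yield unit, func, payload[offset + 8 : offset + 6 + length]
        offset += 6 + length  # next ADU, if several share one TCP segment


def find_suspicious_writes(payload: bytes, dst_port: int):
    """Return one alert per write matching the CVE-2025-54851 description."""
    alerts = []
    if dst_port != MODBUS_PORT:
        return alerts
    for unit, func, data in parse_modbus_tcp(payload):
        if func != FC_WRITE_SINGLE_REGISTER or len(data) < 4:
            continue
        register, value = struct.unpack_from(">HH", data)
        if register == TARGET_REGISTER and value == TARGET_VALUE:
            alerts.append({"unit": unit, "register": register, "value": value})
    return alerts


# Constructed sample payloads (not captured traffic); unit id 1 is an assumption.
SAMPLE_READ = bytes.fromhex("000100000006010311000001")         # FC 3 read of 4352
SAMPLE_WRITE_OTHER = bytes.fromhex("000200000006010600640001")  # FC 6 write to 100
SAMPLE_MATCH = bytes.fromhex("000300000006010611000001")        # FC 6 write 1 to 4352

if __name__ == "__main__":
    for name, p in [("read", SAMPLE_READ), ("write-other", SAMPLE_WRITE_OTHER),
                    ("match", SAMPLE_MATCH)]:
        print(name, find_suspicious_writes(p, MODBUS_PORT))
```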


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to port 503 to trusted hosts only, implementing network segmentation to isolate the affected device, and monitoring for suspicious Modbus TCP traffic. Since the vulnerability is triggered by unauthenticated packets, applying firewall rules to block unauthorized Modbus TCP traffic and disabling Modbus TCP access if not needed are recommended. Additionally, contacting the vendor for patches or updates is advised.

