CVE-2025-54851
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-01

Last updated on: 2025-12-05

Assigner: Talos

Description
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-01
Last Modified
2025-12-05
Generated
2026-06-16
AI Q&A
2025-12-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54851
EUVD
EUVD-2025-200031
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
socomec diris_m-70_firmware 1.6.9
socomec diris_m-70 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a denial of service issue in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send a specially crafted, unauthenticated Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This causes the device's Modbus address to change to 15, which puts the device into a denial-of-service state, making it unresponsive to legitimate requests.

Impact Analysis

This vulnerability can impact you by causing a denial-of-service condition on the affected device, Socomec DIRIS Digiware M-70 1.6.9. An attacker can disrupt the normal operation of the device by sending a single crafted Modbus TCP message, rendering the device unresponsive and potentially interrupting any services or processes that rely on it.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for Modbus TCP messages sent to port 503 that use the Write Single Register function code (6) targeting register 4352 with the value 1. A command such as using tcpdump or Wireshark to filter for Modbus TCP packets on port 503 and inspecting for this specific write operation can help detect attempts to exploit this vulnerability. For example, a tcpdump command could be: tcpdump -i <interface> tcp port 503 and then analyzing packets for function code 6 writing value 1 to register 4352.

Mitigation Strategies

Immediate mitigation steps include restricting network access to port 503 to trusted hosts only, implementing network segmentation to isolate the affected device, and monitoring for suspicious Modbus TCP traffic. Since the vulnerability is triggered by unauthenticated packets, applying firewall rules to block unauthorized Modbus TCP traffic and disabling Modbus TCP access if not needed are recommended. Additionally, contacting the vendor for patches or updates is advised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart