Critical DoS Vulnerability Discovered in Socomec DIRIS Digiware M-70 (CVE-2025-54850)

Overview

A high-severity denial-of-service (DoS) vulnerability, identified as CVE-2025-54850, has been discovered in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability allows an unauthenticated attacker to disrupt the device’s operation by sending a specially crafted series of network requests.

Technical Details

The vulnerability lies in the device’s handling of Modbus RTU over TCP messages. An attacker can trigger a denial-of-service condition by sending a specific sequence of Modbus RTU over TCP messages to port 503 using the Write Single Register function code (6). The attack sequence involves:

  1. Sending a message to register 58112 with a value of 1000, indicating an upcoming configuration change.
  2. Sending a message to register 29440 with a value representing the new Modbus address to be configured.
  3. Sending a message to register 57856 with a value of 161 to commit the configuration change.

After this configuration change, the device enters a denial-of-service state and becomes unresponsive.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-54850 is 7.5 (HIGH). This score reflects the vulnerability’s potential for significant impact due to the ease of exploitation and the potential for disruption of critical services.

Possible Impact

A successful exploit of this vulnerability can lead to the following:

  • Denial of Service: The primary impact is the device becoming unresponsive, preventing it from performing its intended functions.
  • Loss of Monitoring Data: Critical monitoring data from the Socomec DIRIS Digiware M-70 may be unavailable, potentially impacting operational awareness.
  • Disruption of Industrial Processes: In industrial environments where the device is used for monitoring and control, this vulnerability could disrupt critical processes.

Mitigation and Patch Steps

Currently, specific mitigation steps or patches may not be publicly available. However, the following general recommendations can help reduce the risk:

  • Network Segmentation: Isolate the Socomec DIRIS Digiware M-70 devices on a separate network segment to limit exposure to potential attackers.
  • Access Control Lists (ACLs): Implement ACLs on network devices to restrict access to the device only to authorized systems.
  • Intrusion Detection/Prevention Systems (IDS/IPS): Deploy IDS/IPS solutions to monitor network traffic for malicious activity and potentially block exploitation attempts.
  • Vendor Updates: Regularly check the Socomec website or contact their support for any available firmware updates or security advisories. Install any released patches immediately.
  • Disable Unnecessary Services: Disable any unnecessary services or protocols on the device to reduce the attack surface.

Contact Socomec support for the latest security recommendations and available patches.
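For the IDS/IPS recommendation above, the following added example (not code from Socomec or from the original advisory) shows stateful detection of the three-write sequence described under Technical Details. It assumes a sensor that already exports decoded Modbus writes; the `Write` record layout, the 60-second window, the source allowlist and the sample events are all constructed for illustration.

```python
from collections import namedtuple

# Port, function code, registers and values come from the advisory text.
PORT, FC_WRITE_SINGLE = 503, 6
UNLOCK, NEW_ADDR, COMMIT = 58112, 29440, 57856
UNLOCK_VALUE, COMMIT_VALUE = 1000, 161
WINDOW_S = 60.0  # assumption: longest gap allowed between step 1 and step 3

# Hypothetical record a sensor exports for each decoded Modbus write.
Write = namedtuple("Write", "ts src dst dport func register value")

def detect(events, allowed_sources=frozenset(), window=WINDOW_S):
    """Return one alert per completed three-write sequence from an unapproved source."""
    state, alerts = {}, []  # state: (src, dst) -> (steps seen, start ts, new address)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.dport != PORT or e.func != FC_WRITE_SINGLE or e.src in allowed_sources:
            continue
        key = (e.src, e.dst)
        if e.register == UNLOCK and e.value == UNLOCK_VALUE:
            state[key] = (1, e.ts, None)  # step 1 (re)starts tracking
            continue
        if key not in state:
            continue
        seen, start, addr = state[key]
        if e.ts - start > window:
            del state[key]  # stale: too long since step 1
        elif seen == 1 and e.register == NEW_ADDR:
            state[key] = (2, start, e.value)
        elif seen == 2 and e.register == COMMIT and e.value == COMMIT_VALUE:
            alerts.append({"src": e.src, "dst": e.dst, "new_address": addr,
                           "start": start, "end": e.ts})
            del state[key]
        # any other write leaves the tracked state unchanged
    return alerts

# Constructed sample events (not real traffic).
SAMPLE = [
    Write(0.0, "10.0.5.10", "10.0.5.20", 503, 6, 58112, 1000),  # approved station
    Write(1.0, "10.0.5.10", "10.0.5.20", 503, 6, 29440, 7),
    Write(2.0, "10.0.5.10", "10.0.5.20", 503, 6, 57856, 161),
    Write(10.0, "10.0.9.77", "10.0.5.20", 503, 6, 58112, 1000),  # unapproved host
    Write(10.5, "10.0.9.77", "10.0.5.20", 503, 6, 40000, 1),     # unrelated write
    Write(11.0, "10.0.9.77", "10.0.5.20", 503, 6, 29440, 5),
    Write(12.0, "10.0.9.77", "10.0.5.20", 503, 6, 57856, 161),
    Write(20.0, "10.0.9.88", "10.0.5.21", 503, 6, 58112, 1000),  # commit arrives late
    Write(21.0, "10.0.9.88", "10.0.5.21", 503, 6, 29440, 9),
    Write(200.0, "10.0.9.88", "10.0.5.21", 503, 6, 57856, 161),
]
```

Calling `detect(SAMPLE, allowed_sources={"10.0.5.10"})` reports only the sequence from the unapproved host; widening `window` trades fewer missed slow sequences for more state held per source.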

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
