Overview
A high-severity denial-of-service (DoS) vulnerability, identified as CVE-2025-55222, has been discovered in the Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability stems from the improper handling of specially crafted network packets within the Modbus TCP and Modbus RTU over TCP USB Function functionality. An attacker can exploit this flaw by sending an unauthenticated malicious message via Modbus RTU over TCP on port 503, leading to a denial-of-service condition.
Technical Details
The vulnerability arises from a lack of proper input validation when processing Modbus RTU over TCP messages on port 503. A specially crafted packet can overwhelm the device’s resources, causing it to become unresponsive and unavailable. The vulnerability is triggered when the DIRIS Digiware M-70 attempts to process a malformed or oversized Modbus request. This processing failure leads to a system crash or hang, resulting in a denial-of-service condition.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns this vulnerability a score of 8.6, indicating a high severity. The CVSS vector reflects the following characteristics:
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality Impact (C): None (N)
- Integrity Impact (I): None (N)
- Availability Impact (A): High (H)
This score reflects the ease with which the vulnerability can be exploited over a network without requiring any authentication or user interaction, resulting in a significant impact on the availability of the affected device.
Possible Impact
Successful exploitation of CVE-2025-55222 can lead to a complete denial of service of the Socomec DIRIS Digiware M-70 device. This can disrupt critical monitoring and control functionalities in industrial and commercial environments where these devices are deployed. The impact includes:
- Loss of real-time energy monitoring data.
- Inability to control or manage connected equipment.
- Potential disruption of industrial processes reliant on the device’s functionality.
- Possible cascading failures in interconnected systems.
Mitigation and Patch Steps
Currently, the primary mitigation strategy is to implement network segmentation and access control lists (ACLs) to restrict access to port 503 on the DIRIS Digiware M-70 device. Limit access to only trusted IP addresses or networks.
Important: Contact Socomec immediately for a security patch or firmware update that addresses this vulnerability. Once a patch is available, apply it as soon as possible following Socomec’s recommended procedures.
In the absence of a patch, consider alternative monitoring solutions or redundant systems to minimize the impact of a potential denial-of-service attack.
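One way to confirm that the port 503 restriction described above is actually being enforced is to audit firewall logs for accepted connections from sources outside the trusted range. The script below is an added example, not code from Socomec or from this advisory; the log layout, device address and trusted network are constructed assumptions that must be replaced with site values.

```python
import ipaddress
import re
from collections import Counter

PORT = 503  # Modbus RTU over TCP port named in the advisory
# Assumptions: placeholder device address and trusted range (documentation IPs).
DEVICE_IPS = {ipaddress.ip_address("198.51.100.10")}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample log lines; the key=value layout is an assumed format.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z ACCEPT SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP DPT=503
2025-01-01T10:00:02Z ACCEPT SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP DPT=503
2025-01-01T10:00:03Z ACCEPT SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP DPT=502
2025-01-01T10:00:05Z DROP SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP DPT=503
2025-01-01T10:00:09Z ACCEPT SRC=192.0.2.200 DST=198.51.100.10 PROTO=TCP DPT=503
garbled line without fields
"""

LINE_RE = re.compile(r"^(\S+) (ACCEPT|DROP) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

def audit(log_text):
    """Return (violations, blocked) for untrusted sources reaching port 503.

    violations: (timestamp, source) pairs the firewall ACCEPTed (an ACL gap).
    blocked:    Counter of untrusted sources the firewall DROPped (ACL working).
    """
    violations, blocked = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, action, src, dst, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        if int(dport) != PORT or dst_ip not in DEVICE_IPS:
            continue  # only traffic to the device on port 503 is in scope
        if any(src_ip in net for net in TRUSTED_NETS):
            continue  # trusted sources are permitted by the ACL
        if action == "ACCEPT":
            violations.append((ts, src))
        else:
            blocked[src] += 1
    return violations, blocked

if __name__ == "__main__":
    violations, blocked = audit(SAMPLE_LOG)
    for ts, src in violations:
        print(f"ACL gap: {src} reached port {PORT} at {ts}")
    print("blocked untrusted sources:", dict(blocked))
```

Any entry in `violations` means the ACL or segmentation boundary is letting an untrusted source reach the device and should be tightened.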
