CVE-2025-54848

Name of the Vulnerable Software and Affected Versions Socomec DIRIS Digiware M-70 version 1.6.9

Description A denial of service condition can occur in the Modbus TCP and Modbus RTU over TCP functionality. An attacker can trigger this by sending a sequence of unauthenticated network packets. Specifically, the attack involves sending a series of Modbus TCP messages to port 502 using the Write Single Register function code (6). The sequence starts with a message to register 58112 with a value of 1000, followed by a message to register 29440 with a value representing a new Modbus address. The attack concludes with a message to register 57856 with a value of 161, which commits a configuration change and results in a denial-of-service state.

Recommendations Update to a newer version that contains a fix for this vulnerability.