SUMMARY

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Socomec DIRIS Digiware M-70 1.6.9

PRODUCT URLS

DIRIS Digiware M-70 - https://www.socomec.us/en-us/reference/48290222

CVSSv3 SCORE

8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

DETAILS

The DIRIS Digiware M-50/M-70 gateway functions as the access point for industrial power monitoring systems, providing power supply and communication connection to devices in the electrical installation. It also includes a webserver WEBVIEW-M for the remote visualisation and analysis of measurements and consumption.

The Socomec M-70 has a Modbus TCP service that is used by it’s configuration software called Easy Config System. An attacker could send an unauthenticated packet using the Modbus TCP protcol to remotely reboot the device resulting in a denial of service.

An attacker can trigger the reboot mechanism by sending a Modbus TCP message using the Write Single Register function code (6) to write the specific value 178 to register number 57856.

Mitigation

Using the Cyber Security user profile in WEBVIEW-M, disable Modbus over Ethernet Writing.

VENDOR RESPONSE

Vendor Advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-48882—Diris-Digiware-Webview-_VULNERABILITIES_2025-11-03-16-39-38_English.pdf

TIMELINE

2025-01-13 - Vendor Disclosure
2025-04-11 - Vendor Patch Release
2025-12-01 - Public Release