CVE-2024-49572

7.2 HIGH

📋 TL;DR

An unauthenticated denial-of-service vulnerability in Socomec DIRIS Digiware M-70's Modbus TCP functionality allows attackers to send specially crafted packets that can crash the device and reset credentials to default documented values. This affects industrial control systems using DIRIS Digiware M-70 version 1.6.9. Attackers can exploit this without authentication over the network.

💻 Affected Systems

Products:
  • Socomec DIRIS Digiware M-70
Versions: 1.6.9
Operating Systems: Embedded/Industrial
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Modbus TCP functionality. Requires network access to port 502 (Modbus).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Device becomes completely unresponsive, requiring physical reset, while credentials revert to publicly documented defaults, enabling full device compromise.

🟠 Likely Case

Temporary service disruption and credential reset requiring manual intervention to restore proper authentication.

🟢 If Mitigated

Limited impact if device is behind proper network segmentation and default credentials are changed.

🌐 Internet-Facing: HIGH - Unauthenticated network exploit with potential for credential compromise.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or malware, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting specific Modbus TCP packets, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Socomec for updated firmware

Vendor Advisory: https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-49572---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-12-08_English_0.pdf

Restart Required: Yes

Instructions:

1. Contact Socomec support for patched firmware.
2. Backup device configuration.
3. Apply firmware update following vendor instructions.
4. Verify patch application and restore configuration.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Modbus TCP port 502 to trusted networks only.

Add firewall rules to block port 502 from untrusted networks.

Change Default Credentials

all

Ensure all default documented credentials are changed to strong, unique values.

Use the device management interface to change passwords.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach port 502/TCP
  • Monitor for unusual Modbus traffic patterns and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console. If version is 1.6.9, device is vulnerable.

Check Version:

Check via web interface at http://<device-ip> or serial console connection

Verify Fix Applied:

Verify firmware version is updated beyond 1.6.9 per vendor guidance.

📡 Detection & Monitoring

Log Indicators:

  • Device crash/restart logs
  • Authentication failures followed by successful login with default credentials

Network Indicators:

  • Unusual Modbus TCP packets to port 502
  • Traffic patterns matching exploit signatures

SIEM Query:

destination_port:502 AND (packet_size:<normal> OR protocol_anomaly:true)
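
One way to flag "unusual Modbus TCP packets to port 502", as an added Python example that is not from this page's source or the vendor advisory: it checks each client-to-device payload against the MBAP framing rules of the Modbus specification. The page does not describe the crafted packet, so this flags malformed frames in general rather than matching this CVE; the sample frames are constructed, and one frame per TCP payload is assumed.

```python
import struct

MBAP_LEN = 7   # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260  # largest Modbus TCP frame: 7-byte MBAP header + 253-byte PDU

def check_modbus_request(frame: bytes) -> list[str]:
    """Return the anomalies found in one client-to-device frame (empty = well-formed)."""
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    func = frame[MBAP_LEN]
    issues = []
    if proto != 0:
        issues.append(f"protocol id {proto} (Modbus requires 0)")
    # The length field counts every byte after it: unit id plus PDU.
    if length != len(frame) - 6:
        issues.append(f"length field {length}, but {len(frame) - 6} bytes follow")
    if len(frame) > MAX_ADU:
        issues.append(f"{len(frame)}-byte frame exceeds the {MAX_ADU}-byte maximum")
    # Codes 128-255 are reserved for exception responses sent by the device.
    if func == 0 or func > 127:
        issues.append(f"function code {func} is not valid in a request")
    return issues

# Constructed sample payloads (not captured traffic, not the CVE trigger).
SAMPLES = {
    "read holding registers": bytes.fromhex("000100000006010300000002"),
    "non-zero protocol id": bytes.fromhex("000200010006010300000002"),
    "length field mismatch": bytes.fromhex("0003000000ff010300000002"),
    "exception code as request": bytes.fromhex("000400000003018302"),
    "truncated header": bytes.fromhex("00050000"),
}

def scan(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each sample name to its anomaly list, keeping only flagged frames."""
    results = {name: check_modbus_request(f) for name, f in samples.items()}
    return {name: issues for name, issues in results.items() if issues}

if __name__ == "__main__":
    for name, issues in scan(SAMPLES).items():
        print(f"{name}: {'; '.join(issues)}")
```

In a deployment, the payloads would come from a passive tap or span port in front of the device, with TCP stream reassembly done before each frame is checked.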
