CVE-2025-55222

8.6 HIGH

📋 TL;DR

An unauthenticated denial-of-service vulnerability exists in Socomec DIRIS Digiware M-70 devices running version 1.6.9. Attackers can send specially crafted Modbus RTU over TCP packets to port 503 to crash the device, disrupting power monitoring functionality. This affects industrial control systems using these specific power monitoring devices.

💻 Affected Systems

Products:
  • Socomec DIRIS Digiware M-70
Versions: 1.6.9
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with Modbus TCP and Modbus RTU over TCP USB Function enabled, but this is typically enabled by default for industrial communication.

⚠️ Risk & Real-World Impact

Worst Case

Complete device crash requiring physical restart, disrupting power monitoring and potentially affecting downstream industrial processes that rely on this data.

Likely Case

Temporary service disruption of the power monitoring system until manual intervention restarts the device.

If Mitigated

Minimal impact if network segmentation prevents external access to port 503 and proper monitoring detects anomalous traffic.

🌐 Internet-Facing: HIGH - The vulnerability is unauthenticated and exploitable via network packets, making internet-exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt power monitoring operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specially crafted packets to port 503, which is straightforward for attackers with network access. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check with Socomec for security updates. As of this analysis, no official patch has been released according to the referenced Talos Intelligence report.

🔧 Temporary Workarounds

Network Segmentation

Restrict access to port 503/TCP to only trusted Modbus clients using firewall rules.

Disable Unused Modbus Interfaces

If Modbus RTU over TCP USB Function is not required, disable it in device configuration.

🧯 If You Can't Patch

  • Implement strict network access controls to isolate DIRIS Digiware M-70 devices from untrusted networks.
  • Monitor port 503/TCP traffic for anomalous patterns and implement rate limiting where possible.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console. If version is 1.6.9 and Modbus interfaces are enabled, the device is vulnerable.

Check Version:

Check via device web interface at System > Information or via serial console using manufacturer-specific commands.

Verify Fix Applied:

Verify firmware has been updated to a version beyond 1.6.9 or that workarounds have been properly implemented.

📡 Detection & Monitoring

Log Indicators:

  • Device restart logs without normal shutdown
  • Modbus protocol errors or malformed packet alerts

Network Indicators:

  • Unusual traffic spikes to port 503/TCP
  • Malformed Modbus RTU over TCP packets

SIEM Query:

destination_port:503 AND (packet_size:<normal_range OR protocol_violation:true)
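
One way to turn the network indicators above into a check, as an added example that is not part of the original advisory or any vendor tooling: it triages payloads seen going to 503/TCP by source allowlist and by generic Modbus RTU framing rules (length bounds, CRC-16, request function code). These are well-formedness checks only, not a signature for this CVE's trigger, which the page does not describe; the allowlist, the sample traffic and the one-frame-per-payload assumption are constructed for illustration.

```python
import ipaddress

# Assumption: allowlist of trusted Modbus clients (documentation-range address).
TRUSTED_CLIENTS = [ipaddress.ip_network("192.0.2.10/32")]
MIN_ADU, MAX_ADU = 4, 256  # RTU frame: address + function + 2-byte CRC, up to 256 bytes

def crc16_modbus(data):
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame_problems(adu):
    """Well-formedness problems for one RTU request frame (assumes one frame per payload)."""
    if len(adu) < MIN_ADU:
        return ["too_short"]
    problems = []
    if len(adu) > MAX_ADU:
        problems.append("oversize")
    wire_crc = int.from_bytes(adu[-2:], "little")  # CRC is sent low byte first
    if wire_crc != crc16_modbus(adu[:-2]):
        problems.append("bad_crc")
    if adu[1] == 0 or adu[1] > 127:  # 0 is invalid; 128-255 only appear in responses
        problems.append("invalid_function_code")
    return problems

def triage(events):
    """events: iterable of (src_ip, payload) observed going to 503/TCP; returns alerts."""
    alerts = []
    for src, payload in events:
        trusted = any(ipaddress.ip_address(src) in net for net in TRUSTED_CLIENTS)
        reasons = ([] if trusted else ["untrusted_source"]) + frame_problems(payload)
        if reasons:
            alerts.append((src, reasons))
    return alerts

# Constructed sample traffic (not captured from a real device).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("010300000001840a")),    # valid read request
    ("192.0.2.10", bytes.fromhex("010300000001ffff")),    # CRC mismatch
    ("198.51.100.7", bytes.fromhex("010300000001840a")),  # valid frame, unknown client
    ("192.0.2.10", bytes.fromhex("0103")),                # truncated frame
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```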
