Talos Vulnerability Report: CVE-2025-23417

Summary

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. An attacker can send a specially crafted network packet to trigger this vulnerability.

CVE Number

CVE-2025-23417

Confirmed Vulnerable Versions

Socomec DIRIS Digiware M-70 1.6.9

Product URLs

DIRIS Digiware M-70: https://www.socomec.us/en-us/reference/48290222

CVSSv3 Score

8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Details

The Socomec M-70 has a Modbus RTU over TCP service that is used by its configuration software called Easy Config System. An attacker could send an unauthenticated packet using the Modbus RTU over TCP protocol to remotely reboot the device, resulting in a denial of service.

Mitigation

Using the Cyber Security user profile in WEBVIEW-M, disable Modbus over Ethernet Writing. This change will disable writing over both ModbusTCP (port 502) and Modbus RTU over TCP (port 503).

Vendor Response

Vendor advisory: https://www.socomec.fr/sites/default/files/2025-11/CVE-2025-23417-Diris-Digiware-Webview_VULNERABILITIES_2025-11-03-16-43-17_English.pdf

Timeline

2025-01-28 - Vendor Disclosure
2025-11-03 - Vendor Patch Release
2025-12-01 - Public Release

Credit

Discovered by Kelly Patterson of Cisco Talos.
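The Mitigation section disables Modbus writes on ports 502 and 503. The following added example (not part of the Talos report or any Socomec tooling) shows how a monitoring script could parse both framings and flag write requests headed to those ports. It assumes one frame per TCP payload and that "writing" means the standard Modbus write function codes; the sample payloads are constructed and use generic register addresses.

```python
import struct

# Standard Modbus function codes that change device state (assumed here to be what
# "Modbus over Ethernet Writing" covers; the advisory does not list them).
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10, 0x15, 0x16, 0x17}

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def parse_rtu(payload: bytes):
    """Port 503 framing: unit id, function code, data, CRC (low byte first)."""
    if len(payload) < 4:
        return None
    body, (crc,) = payload[:-2], struct.unpack("<H", payload[-2:])
    return (body[0], body[1]) if crc16_modbus(body) == crc else None

def parse_mbap(payload: bytes):
    """Port 502 framing: 7-byte MBAP header, then function code and data."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    return (unit, payload[7]) if proto == 0 and length == len(payload) - 6 else None

def classify(dst_port: int, payload: bytes) -> str:
    """Label one TCP payload as read, write, malformed or ignored."""
    parser = {502: parse_mbap, 503: parse_rtu}.get(dst_port)
    if parser is None:
        return "ignored"
    parsed = parser(payload)
    if parsed is None:
        return "malformed"
    return "write" if parsed[1] in WRITE_FCS else "read"

# Constructed sample payloads (not taken from the advisory).
_write_body = bytes.fromhex("010600010003")  # unit 1, write single register
SAMPLES = [
    (503, bytes.fromhex("01030000000ac5cd")),                           # RTU read
    (503, _write_body + struct.pack("<H", crc16_modbus(_write_body))),  # RTU write
    (502, bytes.fromhex("000100000006") + _write_body),                 # MBAP write
    (503, bytes.fromhex("01030000000a0000")),                           # bad CRC
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, payload.hex(), classify(port, payload))
```

Payloads classified as "write" on either port are the traffic the mitigation is meant to stop, so seeing them reach the device from anything other than the expected configuration host is worth an alert.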