Talos Vulnerability Report - TALOS-2025-2251

Summary

Vulnerability Description: A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. An attacker can trigger this by sending an unauthenticated packet.

CVE Numbers: CVE-2025-55222, CVE-2025-55221

Affected Versions

Confirmed Vulnerable Versions: Socomec DIRIS Digiware M-70 1.6.9

Severity

CVSSv3 Score: 8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-306: Missing Authentication for Critical Function

Technical Details

Vulnerable Components: Modbus TCP and Modbus RTU over TCP services.

Trigger Condition: Sending an unauthenticated packet with specific data using the Write Single Register function code (6) for register 57872.

Impact: Device becomes unresponsive, requiring a manual power cycle to restore functionality.

Mitigation

CVE-2025-55221 - Modbus TCP: Disable Modbus over Ethernet Writing in WEBVIEW-M.

CVE-2025-55222 - Modbus RTU over TCP: Disable Modbus over Ethernet Writing in WEBVIEW-M.

Vendor Response

Links to vendor advisories are provided.

Timeline

2025-08-21: Vendor Disclosure
2025-10-28: Vendor Patch Release
2025-12-01: Public Release

Credit

Discovered by Kelly Patterson of Cisco Talos.
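Detection sketch for the trigger condition above, added here as an example and not part of the Talos report or any vendor tooling: it classifies captured Modbus request payloads for both affected framings and raises an alert on Write Single Register (function code 6) requests addressed to register 57872. Assumptions: the function names are hypothetical, the caller knows which service (framing) the payload was captured from, and the register number appears unchanged in the request's 16-bit address field.

```python
import struct

WATCHED_REGISTER = 57872        # register named in the advisory
WRITE_SINGLE_REGISTER = 0x06    # function code named in the advisory
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}  # standard Modbus write function codes

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS as used by RTU framing (poly 0xA001, init 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def extract_pdu(payload: bytes, framing: str):
    """Return the Modbus PDU (function code + data), or None if malformed."""
    if framing == "tcp":            # 7-byte MBAP header, then PDU
        if len(payload) < 8:
            return None
        _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
        return payload[7:] if proto == 0 and length == len(payload) - 6 else None
    if framing == "rtu-over-tcp":   # unit id, PDU, CRC-16 sent low byte first
        if len(payload) < 4:
            return None
        (crc,) = struct.unpack("<H", payload[-2:])
        return payload[1:-2] if crc16_modbus(payload[:-2]) == crc else None
    raise ValueError(f"unknown framing: {framing}")

def classify(payload: bytes, framing: str) -> str:
    """Label one captured request: 'malformed', 'other', 'write' or 'alert'."""
    pdu = extract_pdu(payload, framing)
    if pdu is None:
        return "malformed"
    if pdu[0] not in WRITE_FUNCTIONS:
        return "other"
    if pdu[0] == WRITE_SINGLE_REGISTER and len(pdu) == 5:
        (address,) = struct.unpack(">H", pdu[1:3])
        if address == WATCHED_REGISTER:   # assumption: address field == 57872
            return "alert"
    return "write"

if __name__ == "__main__":
    # Constructed sample requests (not captured traffic): a read and a write to register 1.
    read_pdu, write_pdu = bytes.fromhex("0300000002"), bytes.fromhex("0600010000")
    for pdu in (read_pdu, write_pdu):
        tcp = struct.pack(">HHHB", 1, 0, len(pdu) + 1, 1) + pdu
        rtu = b"\x01" + pdu
        rtu += struct.pack("<H", crc16_modbus(rtu))
        print(classify(tcp, "tcp"), classify(rtu, "rtu-over-tcp"))
```

Once Modbus over Ethernet Writing is disabled in WEBVIEW-M, any request still labelled 'write' or 'alert' on the monitored segment is worth investigating, since no client should be issuing writes to the device.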