CVE-2025-55222
Published: 01 December 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-55222 is a denial-of-service vulnerability in the Modbus TCP and Modbus RTU over TCP USB Function functionality of the Socomec DIRIS Digiware M-70 device running version 1.6.9. The issue, tied to CWE-306 (Missing Authentication for Critical Function), allows a specially crafted network packet to trigger a denial of service. It is specifically exploitable via malicious messages sent over Modbus RTU on TCP port 503. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), reflecting high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and scope change with high availability impact.
Any unauthenticated attacker with network access to the affected device can exploit this vulnerability by sending a specially crafted packet to port 503. No authentication is required, enabling remote exploitation that disrupts device availability, potentially halting monitoring or control functions in industrial environments where the DIRIS Digiware M-70 is deployed.
For mitigation details, refer to the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2251, which provides guidance on patches or workarounds.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote attackers to send crafted packets to port 503, exploiting missing authentication in the Modbus service to cause denial of service, directly mapping to endpoint DoS via application exploitation.