How to fix CVE-2025-54850?

Within 24 hours: Identify and inventory all Socomec DIRIS M-70 1.6.9 devices in your environment and restrict network access to port 503 using firewall rules to allow only authorized Modbus clients. Within 7 days: Implement network segmentation to isolate Modbus TCP devices on a dedicated VLAN with strict ingress/egress controls, and monitor for suspicious Modbus Write Single Register (function code 6) activity targeting registers 58112, 29440, and 57856. Within 30 days: Contact Socomec for patch availability status, evaluate firmware upgrade timelines, and if unavailable, assess feasibility of deploying Modbus-aware network intrusion detection or implementing application-layer filtering to block the specific attack sequence.

Is Diris M 70 Firmware affected by CVE-2025-54850?

A high-severity denial-of-service vulnerability affecting Socomec DIRIS Digiware M-70 devices (version 1.6.9) allows unauthenticated attackers to remotely disable critical infrastructure monitoring equipment through specially crafted network packets.

CVE-2025-54850

EUVD-2025-200032 HIGH

2025-12-01 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200032

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

CVE Published

Dec 01, 2025 - 16:15 nvd

HIGH 7.5

Description

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus RTU over TCP messages to port 503 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Missing Authentication for Critical Function (CWE-306).

Affected Products

Affected products: Socomec Diris M-70 Firmware 1.6.9

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2025-54850 vulnerability details – vuln.today

Back

CVE-2025-54850

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-54850

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code