How to fix CVE-2025-54851?

Within 24 hours: Inventory all Socomec DIRIS Digiware M-70 version 1.6.9 devices and document their criticality and network accessibility. Within 7 days: Implement network segmentation to restrict unauthenticated access to port 503 on affected devices; deploy network monitoring to detect suspicious Modbus TCP Write Single Register function code 6 messages targeting register 4352. Within 30 days: Contact Socomec for patch availability and timeline; evaluate upgrade feasibility to a patched version or replacement hardware; conduct full security assessment of Modbus network architecture.

Is Diris M 70 Firmware affected by CVE-2025-54851?

A high-severity denial-of-service vulnerability in Socomec DIRIS Digiware M-70 devices can be triggered remotely without authentication, potentially disrupting critical power distribution monitoring and control systems.

CVE-2025-54851

EUVD-2025-200031 HIGH

2025-12-01 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200031

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

CVE Published

Dec 01, 2025 - 16:15 nvd

HIGH 7.5

Description

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Missing Authentication for Critical Function (CWE-306).

Affected Products

Affected products: Socomec Diris M-70 Firmware 1.6.9

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2025-54851 vulnerability details – vuln.today

Back

CVE-2025-54851

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-54851

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code