A high-severity denial of service vulnerability has been identified in Socomec DIRIS Digiware M-70 devices. An unauthenticated attacker on the network can exploit this flaw to crash the device's Modbus service, disrupting monitoring and control capabilities and potentially impacting operational visibility of critical power systems.

A denial of service vulnerability exists within the Modbus RTU over TCP service. An unauthenticated remote attacker can send specially crafted packets to the listening Modbus TCP port. Successful exploitation causes the service to become unresponsive or crash, preventing legitimate communication and requiring a manual reboot to restore functionality.

This vulnerability is rated as High severity with a CVSS score of 8.6. Exploitation could lead to a significant loss of availability for power monitoring systems. This would result in a loss of visibility into critical electrical infrastructure, potentially masking operational issues, preventing data collection for compliance, or disrupting automated processes that rely on the device's data. The primary business impact is operational disruption and a temporary loss of critical monitoring and control functions.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor to all affected devices immediately. Before and after patching, closely monitor device logs and network traffic for any signs of exploitation, such as unexpected reboots or malformed Modbus traffic.

Proactive Monitoring: Implement network monitoring to detect and alert on anomalous traffic patterns targeting the Modbus TCP port (typically 502) on affected devices. Monitor device-level logs for error messages, service crashes, or frequent, unexplained reboots. Establish a baseline of normal Modbus traffic to more easily identify malicious activity.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate the affected devices from general corporate and external networks. Use firewalls or Access Control Lists (ACLs) to strictly limit access to the Modbus TCP port, allowing connections only from trusted management stations or authorized industrial control systems.

Public Exploit Available: false

Due to the high severity (CVSS 8.6) of this vulnerability, we strongly recommend that organizations prioritize the immediate application of vendor-supplied security patches to all affected Socomec DIRIS Digiware M-70 devices. If patching must be delayed, the compensating controls outlined above, particularly network segmentation and access control rules, should be implemented without delay to mitigate risk. Although there is no evidence of active exploitation, the potential for operational disruption warrants urgent attention.