ID

VAR-202512-0181


CVE

CVE-2025-55222


TITLE

Socomec DIRIS Digiware M-70 Denial-of-Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-30452

DESCRIPTION

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503. The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as the access point for the DIRIS Digiware system, integrating 24VDC power and communication functions into a single unit. The Socomec DIRIS Digiware M-70 contains a denial-of-service vulnerability stemming from the Modbus RTU over TCP USB function's failure to properly restrict resource access packets from unauthorized roles. An attacker could exploit this vulnerability to cause a denial-of-service attack.

Trust: 1.44

sources: NVD: CVE-2025-55222 // CNVD: CNVD-2025-30452

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30452

AFFECTED PRODUCTS

vendor: socomec, model: diris m-70, scope: eq, version: 1.6.9

Trust: 1.0

vendor: socomec, model: diris digiware m-70, scope: eq, version: 1.6.9

Trust: 0.6

sources: CNVD: CNVD-2025-30452 // NVD: CVE-2025-55222

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2025-55222
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-55222
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30452
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-30452
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2025-55222
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-55222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-30452 // NVD: CVE-2025-55222 // NVD: CVE-2025-55222

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

sources: NVD: CVE-2025-55222

PATCH

title: Patch for Socomec DIRIS Digiware M-70 Denial-of-Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/779136

Trust: 0.6

sources: CNVD: CNVD-2025-30452

EXTERNAL IDS

db: TALOS, id: TALOS-2025-2251

Trust: 1.6

db: NVD, id: CVE-2025-55222

Trust: 1.6

db: CNVD, id: CNVD-2025-30452

Trust: 0.6

sources: CNVD: CNVD-2025-30452 // NVD: CVE-2025-55222

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2025-2251

Trust: 1.6

sources: CNVD: CNVD-2025-30452 // NVD: CVE-2025-55222

SOURCES

db: CNVD, id: CNVD-2025-30452
db: NVD, id: CVE-2025-55222

LAST UPDATE DATE

2025-12-18T19:40:06.918000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-30452, date: 2025-12-11T00:00:00
db: NVD, id: CVE-2025-55222, date: 2025-12-05T20:48:02.067

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-30452, date: 2025-12-11T00:00:00
db: NVD, id: CVE-2025-55222, date: 2025-12-01T16:15:54.620