ID

VAR-202512-0182


CVE

CVE-2025-55221


TITLE

Socomec DIRIS Digiware M-70 Denial-of-Service Vulnerability (CNVD-2025-30454)

Trust: 0.6

sources: CNVD: CNVD-2025-30454

DESCRIPTION

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus TCP over port 502. The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as the access point for the DIRIS Digiware system, integrating 24VDC power supply and communication functions into a single unit. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2025-55221 // CNVD: CNVD-2025-30454

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30454

AFFECTED PRODUCTS

vendor: socomec, model: diris m-70, scope: eq, version: 1.6.9

Trust: 1.0

vendor: socomec, model: diris digiware m-70, scope: eq, version: 1.6.9

Trust: 0.6

sources: CNVD: CNVD-2025-30454 // NVD: CVE-2025-55221

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2025-55221
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-55221
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-30454
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-30454
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2025-55221
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-55221
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-30454 // NVD: CVE-2025-55221 // NVD: CVE-2025-55221

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

sources: NVD: CVE-2025-55221

PATCH

title: Patch for Socomec DIRIS Digiware M-70 Denial-of-Service Vulnerability (CNVD-2025-30454)
url: https://www.cnvd.org.cn/patchInfo/show/779146

Trust: 0.6

sources: CNVD: CNVD-2025-30454

EXTERNAL IDS

db: TALOS, id: TALOS-2025-2251

Trust: 1.6

db: NVD, id: CVE-2025-55221

Trust: 1.6

db: CNVD, id: CNVD-2025-30454

Trust: 0.6

sources: CNVD: CNVD-2025-30454 // NVD: CVE-2025-55221

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2025-2251

Trust: 1.6

sources: CNVD: CNVD-2025-30454 // NVD: CVE-2025-55221

SOURCES

db: CNVD, id: CNVD-2025-30454
db: NVD, id: CVE-2025-55221

LAST UPDATE DATE

2025-12-18T19:40:06.805000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-30454, date: 2025-12-11T00:00:00
db: NVD, id: CVE-2025-55221, date: 2025-12-05T20:47:43.500

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-30454, date: 2025-12-11T00:00:00
db: NVD, id: CVE-2025-55221, date: 2025-12-01T16:15:54.443