Socomec DIRIS Digiware M-70 Modbus TCP Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Modbus TCP functionality of the Socomec DIRIS Digiware M-70 version 1.6.9. An attacker can send an unauthenticated network packet that disrupts the device's operation and resets its credentials to their documented default values. The issue is exploited by sending a specific Modbus TCP message that triggers a factory reset; the restored default passwords could then be used to gain unauthorized access to the device's web interface, WEBVIEW-M.
Impact
Exploitation of this vulnerability causes a denial-of-service condition by remotely factory resetting the device, which disrupts its normal operation. Additionally, the reset process restores default passwords for the WEBVIEW-M user accounts, allowing unauthorized access with elevated privileges.
Reproduction
To reproduce this vulnerability, send a Modbus TCP packet using the Write Single Register function code to register number 57856. The packet must include the value 229, which triggers the factory reset process.
Remediation
Users can disable the Modbus writing feature through the Cyber Security user profile in WEBVIEW-M. Socomec has also announced that the next generation of the DIRIS Digiware gateway will have Modbus read and write functions disabled by default.
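Where Modbus writes cannot be disabled immediately, traffic to the gateway can be monitored for the message described under Reproduction. The following detection sketch is an added example, not code from Socomec or from this advisory; it parses Modbus TCP frames from a reassembled TCP payload and flags Write Single Register requests to register 57856. The function name, the severity labels and the sample capture are assumptions constructed for illustration.

```python
import struct

# Values taken from the advisory text above.
FC_WRITE_SINGLE_REGISTER = 0x06
RESET_REGISTER = 57856
RESET_VALUE = 229


def inspect_modbus_tcp(payload: bytes) -> list[dict]:
    """Walk every Modbus TCP ADU in one TCP payload and report reset-register writes."""
    findings, offset = [], 0
    while offset + 7 <= len(payload):
        # MBAP header: transaction id, protocol id, length, unit id.
        tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        if proto != 0 or length < 2:
            break  # not Modbus TCP, or no room for a function code
        end = offset + 6 + length  # length counts the unit id plus the PDU
        if end > len(payload):
            break  # truncated ADU; needs further reassembly
        pdu = payload[offset + 7:end]
        if pdu[0] == FC_WRITE_SINGLE_REGISTER and len(pdu) >= 5:
            register, value = struct.unpack_from(">HH", pdu, 1)
            if register == RESET_REGISTER:
                findings.append({
                    "transaction_id": tid,
                    "unit_id": unit,
                    "value": value,
                    "severity": "critical" if value == RESET_VALUE else "warning",
                })
        offset = end
    return findings


def _adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Helper used only to build the constructed sample capture below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed capture: a read, an unrelated write, and the flagged write.
SAMPLE_CAPTURE = (
    _adu(1, 1, struct.pack(">BHH", 0x03, 0, 2))
    + _adu(2, 1, struct.pack(">BHH", 0x06, 100, 1))
    + _adu(3, 1, struct.pack(">BHH", 0x06, RESET_REGISTER, RESET_VALUE))
)

if __name__ == "__main__":
    for finding in inspect_modbus_tcp(SAMPLE_CAPTURE):
        print(finding)
```

Only the Write Single Register function named in the advisory is matched; the check assumes the input is an already reassembled TCP payload on the Modbus TCP port.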
