Socomec DIRIS Digiware M-70 Modbus RTU Over TCP Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Modbus RTU over TCP functionality of the Socomec DIRIS Digiware M-70, version 1.6.9. An attacker can send an unauthenticated network packet that disrupts the device's operation, leading to a denial-of-service condition. The device can be remotely rebooted by sending a crafted Modbus packet through port 503, using the Write Single Register function code to target a specific register.
Impact
Exploitation of this vulnerability causes the device to reboot, disrupting its normal operation and service.
Reproduction
To reproduce this vulnerability, send a Modbus RTU over TCP message through port 503, using the Write Single Register function code (6) to write the value 178 to register number 57856. This action triggers a reboot of the Socomec DIRIS Digiware M-70 device, causing a denial-of-service condition.
Remediation
Users can disable Modbus writing over Ethernet using the Cyber Security user profile in the DIRIS Digiware M-70's WEBVIEW-M interface. This change deactivates write commands over both Modbus TCP (port 502) and Modbus RTU over TCP (port 503).
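For sites that monitor Modbus traffic to the device, the write described under Reproduction can be detected on the wire. The following is an added example, not part of the original advisory or vendor code: it parses client-to-device payloads on ports 502 and 503 and flags Write Single Register requests. The writer allowlist, the IP addresses and the sample payloads are assumptions constructed for illustration; port 502 is covered because the remediation applies to it, not because the advisory reports the reboot there.

```python
import struct

WRITE_SINGLE_REGISTER = 6
REBOOT_REGISTER, REBOOT_VALUE = 57856, 178  # register and value named in the advisory
ALLOWED_WRITERS = {"10.0.5.20"}  # assumption: the only host expected to write

def parse_write(dst_port, payload):
    """Return (register, value) for a Write Single Register request, else None."""
    if dst_port == 502:    # Modbus TCP: 7-byte MBAP header, then the PDU
        if len(payload) < 12 or payload[2:4] != b"\x00\x00":
            return None
        pdu = payload[7:12]
    elif dst_port == 503:  # RTU over TCP: unit id, PDU, 2-byte CRC trailer
        if len(payload) < 8:
            return None
        pdu = payload[1:6]
    else:                  # responses echo the request but target a client port
        return None
    function, register, value = struct.unpack(">BHH", pdu)
    return (register, value) if function == WRITE_SINGLE_REGISTER else None

def triage(records):
    """Return (src, dst_port, register, value, verdict) for writes needing attention."""
    alerts = []
    for src, dst_port, payload in records:
        parsed = parse_write(dst_port, payload)
        if parsed is None:
            continue
        if parsed == (REBOOT_REGISTER, REBOOT_VALUE):
            verdict = "reboot-write"       # flagged even from an allowed writer
        elif src not in ALLOWED_WRITERS:
            verdict = "unexpected-writer"
        else:
            continue
        alerts.append((src, dst_port, *parsed, verdict))
    return alerts

# Constructed capture records (src, dst_port, payload). The RTU CRC trailer is
# zeroed: the detector does not inspect it and flags the write either way.
SAMPLE = [
    ("10.0.5.20", 503, bytes.fromhex("0103000000020000")),          # read request
    ("10.0.5.20", 503, bytes.fromhex("0106001000010000")),          # allowed write
    ("10.0.9.77", 502, bytes.fromhex("000100000006010600100001")),  # unknown writer
    ("10.0.9.77", 503, struct.pack(">BBHHH", 1, 6, REBOOT_REGISTER, REBOOT_VALUE, 0)),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

Once the remediation is applied, any alert from this check also indicates a host that still attempts writes the device should now refuse.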
