Socomec DIRIS Digiware M-70 Modbus TCP Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Socomec DIRIS Digiware M-70 version 1.6.9, specifically within its Modbus TCP and Modbus RTU over TCP functionalities. This vulnerability allows an attacker to disrupt device communication by sending a single, specially crafted Modbus TCP message that alters the device's Modbus address. Once the address is changed, the device fails to respond to subsequent Modbus requests, causing a denial-of-service condition.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition in which the device stops responding to Modbus RTU over TCP requests and communication is disrupted across Modbus TCP, Modbus RTU over TCP, and Modbus RTU networks.
Reproduction
To reproduce this vulnerability, send a Modbus TCP message to port 502 using the Write Single Register function code (6). Write the value 1 to register 4352, which changes the Modbus address to 15. After this message is sent, the device enters a denial-of-service state: it no longer responds to Modbus RTU over TCP requests and returns an exception response to Modbus TCP requests, indicating a failure to respond.
Remediation
Users can disable writing via Modbus over Ethernet through the Cyber Security user profile in the device's WEBVIEW-M interface.
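
Where Modbus writes cannot be disabled immediately, the request described under Reproduction can be detected on the wire. The following Python code is an added example, not Socomec's or the advisory author's code: it parses Modbus TCP (MBAP) frames from client-to-device payloads on port 502 and flags Write Single Register requests that target register 4352. The function names and the sample stream are constructed for illustration.

```python
import struct

WRITE_SINGLE_REGISTER = 0x06  # function code named in the advisory
ADDRESS_REGISTER = 4352       # register named in the advisory
MBAP_LEN = 7                  # transaction id, protocol id, length, unit id


def find_address_writes(payload: bytes):
    """Walk every Modbus TCP frame in a client-to-device TCP payload and
    return the Write Single Register requests that target ADDRESS_REGISTER."""
    hits, offset = [], 0
    while offset + MBAP_LEN <= len(payload):
        tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        # Protocol id is 0 for Modbus; length covers the unit id plus a PDU of at most 253 bytes.
        if proto != 0 or not 2 <= length <= 254:
            break  # not Modbus TCP, or the stream is out of sync
        end = offset + 6 + length
        if end > len(payload):
            break  # truncated frame: wait for the rest of the segment
        pdu = payload[offset + MBAP_LEN:end]
        # A Write Single Register PDU is exactly: function code, register, value.
        if len(pdu) == 5 and pdu[0] == WRITE_SINGLE_REGISTER:
            register, value = struct.unpack(">HH", pdu[1:5])
            if register == ADDRESS_REGISTER:
                hits.append({"transaction": tid, "unit": unit,
                             "register": register, "value": value})
        offset = end
    return hits


def sample_adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Helper for the constructed sample: prepend an MBAP header to a PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample: three pipelined requests in one TCP payload.
SAMPLE_STREAM = (
    sample_adu(1, 1, struct.pack(">BHH", 0x03, 4352, 1))    # read of the register: ignored
    + sample_adu(2, 1, struct.pack(">BHH", 0x06, 100, 1))   # write to another register: ignored
    + sample_adu(3, 1, struct.pack(">BHH", 0x06, 4352, 1))  # write described in the advisory
)

if __name__ == "__main__":
    for hit in find_address_writes(SAMPLE_STREAM):
        print("ALERT: Modbus address register write", hit)
```

Feed it only traffic destined for the device's port 502, since a successful Write Single Register response echoes the request and would otherwise be counted twice.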
