Socomec DIRIS Digiware M-70 Modbus TCP and RTU over TCP Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability arises in the Modbus TCP and Modbus RTU over TCP functionalities. An attacker can send a sequence of unauthenticated network packets that disrupt normal operations, leading to a denial-of-service condition. Specifically, the vulnerability can be exploited by sending a single Modbus TCP message to port 503, using the Write Single Register function code to overwrite a specific register. This action alters the Modbus address, causing the device to enter a state where it no longer responds to certain Modbus requests, effectively disrupting communication with connected tools or devices.
Impact
Exploitation of this vulnerability causes the device to enter a denial-of-service state, where it fails to respond to Modbus RTU over TCP requests and generates exception responses to Modbus TCP requests, indicating a communication failure.
Reproduction
To reproduce this vulnerability, send a Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This will change the Modbus address to 15, causing the device to enter a denial-of-service state.
Remediation
Users can disable Modbus over Ethernet writing using the Cyber Security user profile in the device's WEBVIEW-M interface.
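For monitoring until writes are disabled, the request described under Reproduction can be detected on the wire. The following is an added example, not code from the advisory or from Socomec: it parses Modbus TCP ADUs from a TCP payload sent to port 503 and flags Write Single Register requests aimed at register 4352. It assumes that 4352 is the register address as carried in the request; `iter_adus`, `find_address_writes` and `build_adu` are names chosen for this example, and the sample frames are constructed.

```python
import struct

# Values taken from the advisory text.
WATCHED_PORT = 503
WRITE_SINGLE_REGISTER = 0x06
ADDRESS_REGISTER = 4352  # assumption: the address as carried on the wire (0x1100)


def iter_adus(payload: bytes):
    """Yield (unit_id, pdu) for each complete Modbus TCP ADU in a TCP payload."""
    offset = 0
    while offset + 7 <= len(payload):
        _tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        # Protocol id must be 0; length covers unit id plus at least a function code.
        if proto != 0 or not 2 <= length <= 254:
            return  # not Modbus TCP framing; stop rather than misparse
        end = offset + 6 + length
        if end > len(payload):
            return  # truncated ADU; the caller must reassemble the stream first
        yield unit, payload[offset + 7:end]
        offset = end


def find_address_writes(payload: bytes, dst_port: int):
    """Return one alert per Write Single Register aimed at the watched register."""
    alerts = []
    if dst_port != WATCHED_PORT:
        return alerts
    for unit, pdu in iter_adus(payload):
        if len(pdu) != 5 or pdu[0] != WRITE_SINGLE_REGISTER:
            continue
        register, value = struct.unpack(">HH", pdu[1:5])
        if register == ADDRESS_REGISTER:
            alerts.append({"unit": unit, "register": register, "value": value})
    return alerts


def build_adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Constructed test data helper: wrap a PDU in an MBAP header."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: a holding-register read, then the register write.
SAMPLE_READ = build_adu(1, 1, struct.pack(">BHH", 0x03, 0, 2))
SAMPLE_WRITE = build_adu(2, 1, struct.pack(">BHH", WRITE_SINGLE_REGISTER, ADDRESS_REGISTER, 1))

if __name__ == "__main__":
    for alert in find_address_writes(SAMPLE_READ + SAMPLE_WRITE, 503):
        print("ALERT write to Modbus address register:", alert)
```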
