CVE-2024-48882

Description

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS Details

CVSS Score

8.6

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:* - NOT VULNERABLE

Socomec DIRIS Digiware M-70 1.6.9及更早版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

目前未提供PoC代码

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-48882
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-48882
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-48882/
[4] VulDB https://vuldb.com/cve/CVE-2024-48882
[5] https://talosintelligence.com/vulnerability_reports/TALOS-2024-2119
[6] https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-48882---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-17-43_English_0.pdf
[7] https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2119

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-48882", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:49.983", "lastModified": "2025-12-05T21:10:23.050", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", "matchCriteriaId": "153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2119", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-48882---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-17-43_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2119", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}