CVE-2024-49572 | THREATINT

Description

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

PUBLISHED Reserved 2024-11-27 | Published 2025-12-01 | Updated 2025-12-01 | Assigner talos

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

1.6.9

affected

Credits

Discovered by Kelly Patterson of Cisco Talos.

References

www.talosintelligence.com/...ability_reports/TALOS-2024-2118

talosintelligence.com/vulnerability_reports/TALOS-2024-2118

www.socomec.fr/...BILITIES_2025-04-11-17-12-08_English_0.pdf

cve.org (CVE-2024-49572)

nvd.nist.gov (CVE-2024-49572)

Download JSON