CVE-2025-20085 | THREATINT

Description

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

PUBLISHED Reserved 2025-01-22 | Published 2025-12-01 | Updated 2025-12-01 | Assigner talos

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

1.6.9

affected

Credits

Discovered by Kelly Patterson of Cisco Talos.

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2138

talosintelligence.com/vulnerability_reports/TALOS-2025-2138

www.socomec.fr/...BILITIES_2025-04-11-17-14-39_English_0.pdf

cve.org (CVE-2025-20085)

nvd.nist.gov (CVE-2025-20085)

Download JSON