CVE-2025-54850: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. An attacker can trigger this denial-of-service condition by sending a sequence of Modbus RTU over TCP messages to port 503 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.
AI Analysis
Technical Summary
CVE-2025-54850 identifies a denial of service (DoS) vulnerability in the Socomec DIRIS Digiware M-70 power monitoring device, specifically version 1.6.9. The vulnerability stems from a missing authentication mechanism on critical Modbus TCP and Modbus RTU over TCP functions, which are used for device configuration and management. An attacker can exploit this by sending a carefully crafted sequence of unauthenticated Modbus Write Single Register (function code 6) messages to TCP port 503. The attack sequence involves writing a value of 1000 to register 58112 to signal an impending configuration change, then setting a new Modbus address in register 29440, and finally committing the change by writing 161 to register 57856. This sequence causes the device to enter a denial-of-service state, effectively disabling its functionality. The vulnerability does not require any privileges or user interaction and can be exploited remotely over the network. The CVSS v3.1 score is 7.5 (high), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and a high impact on availability. The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function). No patches or known exploits are currently reported, but the lack of authentication on critical functions presents a significant risk to operational continuity in environments using this device.
Potential Impact
The primary impact of CVE-2025-54850 is a complete denial of service on the Socomec DIRIS Digiware M-70 device, which is widely used for power monitoring and energy management in industrial and critical infrastructure settings. For European organizations, this could lead to loss of visibility into power consumption and electrical parameters, potentially disrupting energy management, operational efficiency, and safety monitoring. In critical infrastructure sectors such as manufacturing, utilities, data centers, and transportation, this loss of monitoring capability could delay incident detection and response, increasing the risk of cascading failures or safety incidents. Since the attack requires no authentication and can be launched remotely, it significantly raises the threat level, especially in environments where these devices are accessible from less secure network segments or exposed to external networks. The unavailability of these devices could also impact compliance with regulatory requirements for energy monitoring and reporting in Europe. While confidentiality and integrity are not directly affected, the availability impact alone can cause operational disruptions and financial losses.
Mitigation Recommendations
To mitigate CVE-2025-54850, European organizations should implement the following specific measures:
1) Immediately restrict network access to the Modbus TCP port 503 on DIRIS Digiware M-70 devices by implementing firewall rules and network segmentation to isolate these devices from untrusted or general-purpose networks.
2) Employ network intrusion detection or anomaly detection systems tuned to identify unusual Modbus Write Single Register commands, especially those targeting registers 58112, 29440, and 57856.
3) Disable or restrict Modbus TCP and Modbus RTU over TCP functionality if not required for operational purposes.
4) Use VPNs or secure tunnels for any remote management access to these devices to ensure authentication and encryption.
5) Engage with Socomec support channels to obtain firmware updates or patches addressing this vulnerability as soon as they become available.
6) Conduct regular audits of device configurations and network access controls to ensure compliance with security policies.
7) Train operational technology (OT) and IT security teams to recognize and respond to potential exploitation attempts targeting Modbus protocols.
These steps go beyond generic advice by focusing on protocol-specific controls and operational practices tailored to the affected device and its environment.
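One way to implement the register monitoring in measure 2, as an added example that is not Socomec's or the advisory author's code: it flags Write Single Register events to the three registers and raises a critical alert when the full sequence completes against one device. It assumes a sensor has already decoded port-503 traffic into events; the `Write` record, the register labels and the sample data are hypothetical.

```python
from dataclasses import dataclass

# Register numbers and values are the ones named in the advisory text.
WRITE_SINGLE_REGISTER = 6
REG_PREPARE, REG_ADDRESS, REG_COMMIT = 58112, 29440, 57856  # labels are hypothetical
PREPARE_VALUE, COMMIT_VALUE = 1000, 161
WATCHED = {REG_PREPARE, REG_ADDRESS, REG_COMMIT}

@dataclass(frozen=True)
class Write:
    ts: float       # capture time in seconds
    src: str        # client IP
    dst: str        # device IP
    func: int       # Modbus function code
    register: int
    value: int

def detect(events, window=30.0, allowed_clients=frozenset()):
    """Return (severity, event, reason) tuples for decoded write events."""
    alerts, state = [], {}          # state: device IP -> (stage, start time)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.func != WRITE_SINGLE_REGISTER or ev.register not in WATCHED:
            continue
        if ev.src not in allowed_clients:
            alerts.append(("warn", ev, "config-register write from unapproved client"))
        # Track per device so a sequence split across several clients still matches.
        stage, start = state.get(ev.dst, (0, ev.ts))
        if stage and ev.ts - start > window:
            stage = 0               # stale partial sequence
        if ev.register == REG_PREPARE and ev.value == PREPARE_VALUE:
            stage, start = 1, ev.ts
        elif ev.register == REG_ADDRESS and stage == 1:
            stage = 2
        elif ev.register == REG_COMMIT and ev.value == COMMIT_VALUE and stage == 2:
            alerts.append(("critical", ev, "Modbus address change committed"))
            stage = 0
        state[ev.dst] = (stage, start)
    return alerts

# Constructed sample events (documentation IP ranges; register 100 is arbitrary).
SAMPLE = [
    Write(0.0, "192.0.2.10", "192.0.2.50", 6, 100, 5),
    Write(1.0, "198.51.100.7", "192.0.2.50", 6, 58112, 1000),
    Write(1.2, "198.51.100.7", "192.0.2.50", 6, 29440, 9),
    Write(1.4, "198.51.100.7", "192.0.2.50", 6, 57856, 161),
    Write(10.0, "198.51.100.7", "192.0.2.51", 6, 58112, 1000),
    Write(11.0, "198.51.100.7", "192.0.2.51", 6, 29440, 9),
    Write(100.0, "198.51.100.7", "192.0.2.51", 6, 57856, 161),  # outside window
]
```

The critical alert fires even for approved clients, since a committed address change on a production meter is worth reviewing whoever sent it.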
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Spain, Poland, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-07-31T15:17:58.545Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692db927f910530b0eb07240
Added to database: 12/1/2025, 3:49:59 PM
Last enriched: 12/1/2025, 4:05:31 PM
Last updated: 12/4/2025, 6:00:22 AM