CVE-2025-54851: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.
AI Analysis
Technical Summary
CVE-2025-54851 identifies a denial of service vulnerability in the Socomec DIRIS Digiware M-70 device, specifically version 1.6.9. The vulnerability stems from missing authentication controls on critical Modbus TCP and Modbus RTU over TCP functions. An attacker can remotely send a specially crafted Modbus TCP packet to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the device's Modbus address to 15, which disrupts normal communication and causes the device to enter a denial-of-service state, rendering it unresponsive. The attack requires no authentication or user interaction, making it trivially exploitable over the network. The vulnerability impacts availability (A:H) but does not compromise confidentiality or integrity. The CVSS v3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, and no privileges or user interaction required. No patches or exploits in the wild are currently reported, but the lack of authentication on critical functions represents a significant security weakness. The device is typically used in industrial and energy management environments for power monitoring and control, making availability critical. The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function).
Potential Impact
For European organizations, the primary impact of this vulnerability is on the availability of power monitoring and management systems that rely on the Socomec DIRIS Digiware M-70 device. Disruption of these devices can lead to loss of visibility into power consumption, potential mismanagement of energy resources, and operational downtime in industrial, commercial, or critical infrastructure environments. This could affect manufacturing plants, data centers, utilities, and other sectors dependent on continuous power monitoring. Although the vulnerability does not directly compromise data confidentiality or integrity, the denial of service could indirectly impact operational continuity and safety systems that rely on accurate power data. Given the device's role in energy management, prolonged outages could lead to financial losses and regulatory compliance issues. The ease of exploitation without authentication increases the risk of opportunistic attacks, especially in environments where Modbus traffic is accessible from less secure network segments or exposed to external networks.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement the following specific measures:
1) Immediately restrict network access to the Modbus TCP port 503 on DIRIS Digiware M-70 devices by applying firewall rules or network segmentation to isolate these devices from untrusted networks.
2) Employ network-level authentication or VPN tunnels to secure Modbus communications, preventing unauthorized access to critical functions.
3) Monitor network traffic for anomalous Modbus Write Single Register requests, especially those targeting register 4352 or unusual Modbus address changes.
4) Coordinate with Socomec for firmware updates or patches addressing this vulnerability; if unavailable, consider compensating controls such as disabling Modbus TCP if not required or using alternative communication protocols with stronger security.
5) Conduct regular security assessments of industrial control systems and enforce strict access controls and logging for devices managing critical infrastructure.
6) Educate operational technology (OT) staff about the risks of unauthenticated Modbus commands and ensure incident response plans include scenarios involving denial of service on power monitoring devices.
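For the monitoring measure (Write Single Register requests to register 4352), the following is an added detection example, not code from Socomec, Talos or this advisory. It assumes Modbus TCP (MBAP) framing in an already reassembled TCP payload bound for port 503; Modbus RTU over TCP framing is not handled, and all function names and the sample capture are constructed for illustration.

```python
import struct

MODBUS_PORT = 503                # port named in the advisory
FC_WRITE_SINGLE_REGISTER = 0x06  # function code named in the advisory
WATCHED_REGISTER = 4352          # register named in the advisory


def parse_adus(payload):
    """Yield (unit_id, function_code, data) for each Modbus TCP ADU in a TCP payload."""
    offset = 0
    while len(payload) - offset >= 8:  # 7-byte MBAP header + function code
        _tid, proto, length, unit = struct.unpack_from(">HHHB", payload, offset)
        end = offset + 6 + length      # length field counts unit id + PDU
        # Protocol id is 0 for Modbus; stop on junk or a truncated ADU.
        if proto != 0 or not 2 <= length <= 254 or end > len(payload):
            return
        yield unit, payload[offset + 7], payload[offset + 8:end]
        offset = end


def find_watched_writes(payload, dst_port):
    """Return one alert dict per Write Single Register request to WATCHED_REGISTER."""
    alerts = []
    if dst_port != MODBUS_PORT:
        return alerts
    for unit, fc, data in parse_adus(payload):
        if fc == FC_WRITE_SINGLE_REGISTER and len(data) >= 4:
            register, value = struct.unpack_from(">HH", data)
            if register == WATCHED_REGISTER:
                alerts.append({"unit_id": unit, "register": register, "value": value})
    return alerts


def adu(tid, unit, fc, body):
    """Build a Modbus TCP ADU (constructed test input only, never sent)."""
    return struct.pack(">HHHBB", tid, 0, len(body) + 2, unit, fc) + body


# Constructed capture: a read, a write to an unrelated register, a write to 4352.
SAMPLE = (
    adu(1, 1, 0x03, struct.pack(">HH", 0, 2))
    + adu(2, 1, 0x06, struct.pack(">HH", 100, 7))
    + adu(3, 1, 0x06, struct.pack(">HH", WATCHED_REGISTER, 1))
)

if __name__ == "__main__":
    for alert in find_watched_writes(SAMPLE, MODBUS_PORT):
        print("ALERT write to watched register:", alert)
```

The same match can be expressed as a rule in a network sensor; the parser form makes the MBAP length handling and pipelined requests explicit.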
Affected Countries
Germany, France, Italy, United Kingdom, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-07-31T15:17:58.546Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692db927f910530b0eb07243
Added to database: 12/1/2025, 3:49:59 PM
Last enriched: 12/1/2025, 4:05:06 PM
Last updated: 12/5/2025, 2:07:49 AM