CVE-2025-55221: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus TCP over port 502.
AI Analysis
Technical Summary
CVE-2025-55221 identifies a denial of service (DoS) vulnerability in Socomec DIRIS Digiware M-70 version 1.6.9, specifically affecting the Modbus TCP and Modbus RTU over TCP USB Function implementations. The root cause is the absence of authentication controls on critical functions accessible via Modbus TCP on port 502. An attacker can exploit this by sending a specially crafted, unauthenticated network packet to the device, triggering a denial of service condition that disrupts device operation. The vulnerability is classified under CWE-306, indicating missing authentication for a critical function. The CVSS v3.1 score of 8.6 (high severity) reflects the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) with a high impact on availability (A:H) but no impact on confidentiality or integrity. This means the attacker can remotely cause the device to become unavailable without needing credentials or user action. The Socomec DIRIS Digiware M-70 is used for power monitoring and management in industrial and critical infrastructure environments, making availability crucial. No patches or exploits are currently reported, but the vulnerability's nature suggests it could be weaponized to disrupt power monitoring systems, potentially affecting operational continuity and safety.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the availability of power monitoring and management systems that rely on the Socomec DIRIS Digiware M-70. Disruption of these devices could lead to loss of real-time power data, impairing operational decision-making and potentially causing cascading failures in industrial processes or critical infrastructure such as energy grids, manufacturing plants, and data centers. The lack of authentication means attackers can exploit the vulnerability remotely without credentials, increasing the attack surface. This could facilitate denial of service attacks from external threat actors or insiders with network access. The impact is particularly severe for sectors where continuous power monitoring is essential for safety and regulatory compliance. Additionally, the scope change in the CVSS score indicates that the vulnerability could affect other components or systems relying on the device's availability, amplifying the operational impact. European organizations with interconnected industrial control systems (ICS) and operational technology (OT) environments must consider this vulnerability a high priority to avoid service interruptions and potential safety hazards.
Mitigation Recommendations
1. Network Segmentation: Isolate the Socomec DIRIS Digiware M-70 devices within dedicated network segments that restrict access to trusted management systems only.
2. Firewall Rules: Implement strict firewall policies to block or filter Modbus TCP traffic (port 502) from untrusted or external networks, allowing only authorized IP addresses to communicate with the devices.
3. Intrusion Detection/Prevention: Deploy network monitoring tools capable of detecting anomalous Modbus TCP packets and potential exploitation attempts targeting port 502.
4. Vendor Coordination: Engage with Socomec for official patches or firmware updates addressing CVE-2025-55221 and apply them promptly once available.
5. Access Controls: Enforce strong access control policies on management interfaces and restrict physical and network access to the devices.
6. Incident Response Planning: Prepare response procedures for potential denial of service incidents affecting power monitoring systems to minimize downtime.
7. Regular Audits: Conduct periodic security assessments of OT networks to identify unauthorized access or suspicious activity related to Modbus communications.
These measures go beyond generic advice by focusing on network-level controls and operational readiness specific to the affected product and protocol.
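As an added example (not part of the advisory and not vendor or Talos code), the Python check below illustrates recommendations 2 and 3: it validates the Modbus TCP MBAP header of payloads sent to port 502 and flags sources outside an allowlist. The subnet, the permitted function codes, the one-ADU-per-payload simplification and the sample frames are assumptions constructed for illustration; the frames are generic malformed traffic, not the CVE trigger.

```python
import ipaddress
import struct

# Assumptions (site-specific, not from the advisory): the management subnet
# allowed to poll the device and the function codes its pollers use.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.20.0.0/28")]
ALLOWED_FUNCTIONS = {0x03, 0x04}   # read holding / read input registers
MAX_ADU = 260                      # 7-byte MBAP header + 253-byte PDU


def inspect_frame(src_ip, payload):
    """Return findings for one TCP payload addressed to port 502."""
    findings = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_CLIENTS):
        findings.append("source-not-allowlisted")
    if len(payload) < 8:               # MBAP header (7) + function code (1)
        findings.append("truncated-mbap")
        return findings
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:                     # protocol identifier is 0 for Modbus
        findings.append("bad-protocol-id")
    if length != len(payload) - 6:     # length counts unit id + PDU
        findings.append("length-mismatch")
    if len(payload) > MAX_ADU:
        findings.append("oversized-adu")
    if func not in ALLOWED_FUNCTIONS:
        findings.append(f"unexpected-function-0x{func:02x}")
    return findings


def triage(events):
    """Map the index of each (src_ip, payload) event to its findings; clean events are omitted."""
    results = {}
    for i, (src, payload) in enumerate(events):
        found = inspect_frame(src, payload)
        if found:
            results[i] = found
    return results


# Constructed sample traffic (generic malformed frames, not the CVE trigger).
SAMPLE = [
    ("10.20.0.5", struct.pack(">HHHBBHH", 1, 0, 6, 1, 0x03, 0, 2)),
    ("192.0.2.50", struct.pack(">HHHBBHH", 2, 0, 40, 1, 0x10, 0, 2)),
    ("10.20.0.5", b"\x00\x03\x00"),
]

if __name__ == "__main__":
    for idx, found in triage(SAMPLE).items():
        print(idx, SAMPLE[idx][0], found)
```

In practice the same checks would be fed from a span port or packet capture on the OT segment, with findings forwarded to the site's alerting pipeline.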
Affected Countries
France, Germany, Italy, United Kingdom, Spain, Netherlands, Belgium, Poland, Sweden, Czech Republic
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-08-11T15:04:59.033Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692db927f910530b0eb07246
Added to database: 12/1/2025, 3:49:59 PM
Last enriched: 12/8/2025, 5:07:38 PM
Last updated: 1/19/2026, 7:31:54 AM