CVE-2025-55221: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus TCP over port 502.
AI Analysis
Technical Summary
CVE-2025-55221 identifies a critical vulnerability in the Socomec DIRIS Digiware M-70 device, specifically version 1.6.9. The vulnerability arises from missing authentication controls on critical Modbus TCP and Modbus RTU over TCP USB Function interfaces. Modbus is a widely used industrial protocol, and the device listens on the standard Modbus TCP port 502. An attacker can send a specially crafted Modbus packet without any authentication or prior access to trigger a denial of service condition, causing the device to become unresponsive or crash. This vulnerability is classified under CWE-306, indicating missing authentication for a critical function. The CVSS v3.1 score of 8.6 reflects a high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and a scope change indicating potential impact beyond the vulnerable component. The vulnerability affects availability but not confidentiality or integrity. Although no public exploits are reported, the simplicity of exploitation and critical nature of the device in energy monitoring and industrial environments make this a significant threat. The lack of authentication on Modbus TCP interfaces is a common security weakness in industrial control systems, often exploited to disrupt operations. The device’s role in monitoring electrical parameters means denial of service could impair operational visibility and control, leading to potential safety and operational risks. No patches or firmware updates are currently available, increasing the urgency for interim mitigations.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially in sectors relying on industrial automation, energy management, and critical infrastructure monitoring where Socomec DIRIS Digiware M-70 devices are deployed. A denial of service attack could disrupt real-time monitoring of electrical parameters, leading to delayed detection of faults or abnormal conditions. This can cause operational downtime, increased risk of equipment damage, and safety hazards. In energy distribution and manufacturing environments, loss of monitoring capability can affect compliance with regulatory requirements and operational efficiency. The lack of authentication means attackers can exploit this vulnerability remotely without credentials, increasing the attack surface. Given the interconnected nature of industrial networks in Europe, a successful attack could propagate operational disruptions across multiple sites. Although confidentiality and integrity are not directly impacted, availability loss in critical systems can have cascading effects on business continuity and safety. The absence of known exploits currently provides a window for proactive defense, but the high severity score indicates urgent attention is needed to prevent potential exploitation.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Immediately restrict network access to the Modbus TCP port 502 on DIRIS Digiware M-70 devices by applying firewall rules or access control lists to allow only trusted management systems.
2) Segment industrial control networks to isolate vulnerable devices from general enterprise networks and the internet, minimizing exposure.
3) Deploy network intrusion detection or anomaly detection systems tuned to identify unusual Modbus traffic patterns indicative of exploitation attempts.
4) Disable unused Modbus TCP or RTU over TCP USB interfaces if not required for operations.
5) Monitor device logs and network traffic for signs of denial of service or malformed packets targeting Modbus services.
6) Engage with Socomec for firmware updates or patches addressing this vulnerability and plan for timely deployment once available.
7) Conduct regular security assessments of industrial control systems to identify and remediate similar missing authentication issues.
8) Train operational technology personnel on the risks of unauthenticated protocols and the importance of network segmentation and access controls.
These targeted actions go beyond generic advice by focusing on network-level controls and operational monitoring specific to Modbus protocol vulnerabilities.
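One way to implement the traffic monitoring in recommendations 3 and 5, as an added example that is not part of the original advisory or any Socomec tooling: a check that flags port 502 payloads from sources outside an allowlist or with an inconsistent Modbus TCP (MBAP) header. The advisory does not describe the crafted packet, so this is generic protocol hygiene rather than a signature for CVE-2025-55221; the trusted address and sample frames are constructed, and one Modbus ADU per TCP payload is assumed.

```python
import struct
from ipaddress import ip_address, ip_network

# Assumption: hosts allowed to poll the meter (constructed address).
TRUSTED_MASTERS = [ip_network("10.20.0.10/32")]
MBAP_LEN = 7    # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260   # Modbus TCP limit: 7-byte MBAP header + 253-byte PDU

def inspect_frame(src_ip, payload):
    """Return a list of findings for one TCP payload sent to port 502."""
    findings = []
    if not any(ip_address(src_ip) in net for net in TRUSTED_MASTERS):
        findings.append("untrusted-source")
    if len(payload) < MBAP_LEN + 1:
        # Not even a full header plus function code: nothing more to parse.
        findings.append("truncated-header")
        return findings
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    function_code = payload[MBAP_LEN]
    if proto != 0:
        findings.append("bad-protocol-id")
    # The length field counts the unit id plus the PDU: everything after byte 6.
    if length != len(payload) - 6:
        findings.append("length-mismatch")
    if len(payload) > MAX_ADU:
        findings.append("oversized-adu")
    # Requests use function codes 1..127; 128 and above mark exception responses.
    if function_code == 0 or function_code > 127:
        findings.append("invalid-function-code")
    return findings

# Constructed sample traffic: (source IP, TCP payload to port 502).
SAMPLES = [
    ("10.20.0.10", bytes.fromhex("000100000006010300000002")),  # well-formed read
    ("192.0.2.50", bytes.fromhex("0002000000ff010300000002")),  # length field lies
    ("10.20.0.10", bytes.fromhex("00030000")),                  # cut-off header
]

def scan(samples):
    """Return (source, findings) for every frame with at least one finding."""
    return [(src, f) for src, data in samples if (f := inspect_frame(src, data))]

if __name__ == "__main__":
    for src, findings in scan(SAMPLES):
        print(src, ",".join(findings))
```
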
Affected Countries
France, Germany, Italy, United Kingdom, Spain, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-08-11T15:04:59.033Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692db927f910530b0eb07246
Added to database: 12/1/2025, 3:49:59 PM
Last enriched: 12/1/2025, 4:04:53 PM
Last updated: 12/5/2025, 2:01:48 AM