CVE-2025-55222: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-55222, cwe-306
Published: Mon Dec 01 2025 (12/01/2025, 15:25:07 UTC)
Source: CVE Database V5
Vendor/Project: Socomec
Product: DIRIS Digiware M-70

Description

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503.

AI-Powered Analysis

Last updated: 12/01/2025, 16:04:38 UTC

Technical Analysis

CVE-2025-55222 identifies a denial of service (DoS) vulnerability in the Socomec DIRIS Digiware M-70, specifically version 1.6.9. The vulnerability arises from missing authentication controls (CWE-306) in the Modbus TCP and Modbus RTU over TCP USB Function implementation, which listens on port 503. An attacker can send a specially crafted Modbus RTU over TCP packet without any authentication or user interaction to trigger a crash or service disruption, leading to denial of service. The Modbus protocol is widely used in industrial control systems (ICS) and energy management devices for communication between controllers and field devices. Because the device does not verify the authenticity of incoming Modbus packets, it is susceptible to unauthenticated remote attacks. The CVSS v3.1 score of 8.6 reflects the high impact on availability (A:H), with no impact on confidentiality or integrity, and the ease of exploitation (network vector, no privileges or user interaction required). The scope is considered changed (S:C) because the vulnerability affects components beyond the vulnerable device itself, potentially impacting connected systems. No patches or mitigations have been officially released at the time of publication, and no exploits are known in the wild. This vulnerability could be exploited by attackers to disrupt monitoring and control functions in critical infrastructure environments where the DIRIS Digiware M-70 is deployed.

Potential Impact

For European organizations, especially those in industrial, energy, and critical infrastructure sectors, this vulnerability poses a significant risk to operational continuity. The Socomec DIRIS Digiware M-70 is used for energy monitoring and management, and a denial of service could interrupt data collection, alarm generation, and control processes. This disruption could lead to delayed incident response, inaccurate energy usage data, and potential cascading failures in automated control systems. Given the lack of authentication, attackers can remotely exploit this vulnerability without prior access, increasing the attack surface. The impact is primarily on availability, which is critical in industrial environments where uptime and real-time monitoring are essential. Organizations relying on these devices for compliance with EU energy efficiency directives or operational safety may face regulatory and financial consequences if disruptions occur. Additionally, the vulnerability could be leveraged as part of a broader attack campaign targeting European energy grids or manufacturing facilities, amplifying its impact.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures:

1) Immediately restrict network access to port 503 (Modbus RTU over TCP) on DIRIS Digiware M-70 devices by applying firewall rules and network segmentation to isolate these devices from untrusted networks.
2) Deploy intrusion detection/prevention systems (IDS/IPS) with Modbus protocol anomaly detection capabilities to identify and block malformed or unauthorized Modbus packets.
3) Enforce strict access control policies limiting Modbus communication to authorized management stations only.
4) Monitor network traffic for unusual Modbus activity patterns indicative of scanning or exploitation attempts.
5) Engage with Socomec support channels to obtain firmware updates or patches as they become available, and plan for timely deployment.
6) Consider implementing additional authentication or encryption layers at the network level (e.g., VPN tunnels) to protect Modbus communications where possible.
7) Conduct regular security audits and penetration tests focused on industrial control system components to identify and remediate similar vulnerabilities proactively.
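Measures 2) to 4) can be prototyped as a passive check on traffic seen on port 503. The following is an added example, not code from Socomec or from the advisory. The advisory does not describe the crafted packet, so the check only enforces generic Modbus RTU framing rules plus an assumed site policy (the allowed source address and function codes are hypothetical).

```python
import ipaddress

# Assumed site policy: hypothetical values, not taken from the advisory.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.10/32")]  # management station
ALLOWED_FUNCTIONS = {0x03, 0x04}   # read-only polling of registers
RTU_MIN, RTU_MAX = 4, 256          # Modbus RTU ADU size limits in bytes

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def check_frame(src_ip: str, payload: bytes) -> list:
    """Findings for one TCP payload on port 503 (assumes one RTU frame per payload)."""
    findings = []
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in ALLOWED_SOURCES):
        findings.append("unauthorized-source")
    if not RTU_MIN <= len(payload) <= RTU_MAX:
        return findings + ["bad-length"]
    # The CRC travels low byte first at the end of the frame.
    if crc16_modbus(payload[:-2]) != int.from_bytes(payload[-2:], "little"):
        findings.append("bad-crc")
    if payload[1] not in ALLOWED_FUNCTIONS:
        findings.append("unexpected-function")
    return findings

# Constructed sample traffic (source IP, payload hex); not captured from a device.
SAMPLES = [
    ("10.20.0.10", "010300000001840a"),   # well-formed read from the allowed host
    ("192.0.2.77", "010300000001840a"),   # same frame from an unknown host
    ("10.20.0.10", "0103000000010000"),   # CRC does not match
    ("10.20.0.10", "0103"),               # too short to be an RTU frame
]

def triage(samples=SAMPLES):
    return [check_frame(ip, bytes.fromhex(hx)) for ip, hx in samples]

if __name__ == "__main__":
    for (ip, hx), result in zip(SAMPLES, triage()):
        print(ip, hx, result or "ok")
```

Any non-empty result is a candidate alert; in production the payloads would come from a network tap or IDS sensor with TCP stream reassembly in front of this check.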


Technical Details

Data Version: 5.2
Assigner Short Name: talos
Date Reserved: 2025-08-11T15:04:59.033Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 692db927f910530b0eb07249

Added to database: 12/1/2025, 3:49:59 PM

Last enriched: 12/1/2025, 4:04:38 PM

Last updated: 12/5/2025, 12:11:03 AM
