CVE-2025-55222: CWE-306: Missing Authentication for Critical Function in Socomec DIRIS Digiware M-70
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503.
AI Analysis
Technical Summary
CVE-2025-55222 identifies a denial of service (DoS) vulnerability in the Socomec DIRIS Digiware M-70 energy metering device, specifically version 1.6.9. The flaw exists in the handling of Modbus TCP and Modbus RTU over TCP USB Function protocols, which are commonly used for industrial control and monitoring. The vulnerability is due to missing authentication controls (CWE-306) on critical functions accessed via Modbus messages sent over TCP port 503. An attacker can send a specially crafted, unauthenticated Modbus RTU over TCP packet to the device, triggering a denial of service condition that disrupts normal operation and potentially causes device unavailability. The CVSS v3.1 score of 8.6 reflects the high impact on availability (A:H), with no required privileges (PR:N) or user interaction (UI:N), and network attack vector (AV:N). The scope is changed (S:C), indicating that the vulnerability affects components beyond the initially vulnerable module. Although no exploits have been observed in the wild, the ease of exploitation and critical function impact make this a serious threat. The lack of authentication on a critical function in an industrial device highlights a significant security design weakness, increasing the risk of disruption in operational technology environments.
Potential Impact
For European organizations, especially those in industrial, energy, and critical infrastructure sectors, this vulnerability could lead to significant operational disruptions. Socomec DIRIS Digiware M-70 devices are used for energy monitoring and management, and a denial of service could interrupt energy data collection, monitoring, and control processes. This can affect energy efficiency, fault detection, and potentially lead to cascading failures in industrial control systems. The unauthenticated nature of the attack means that any attacker with network access to port 503 can exploit the vulnerability, increasing the risk in environments with insufficient network segmentation or exposure to untrusted networks. Given Europe's strong emphasis on energy infrastructure security and regulatory compliance, exploitation could result in regulatory penalties, operational downtime, and damage to reputation. The impact is heightened in environments where these devices are integrated into larger SCADA or industrial control systems, as availability is critical for safe and reliable operations.
Mitigation Recommendations
1. Immediately restrict network access to Modbus TCP port 503 on Socomec DIRIS Digiware M-70 devices by implementing strict firewall rules and network segmentation to isolate these devices from untrusted or general IT networks.
2. Employ network intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection for Modbus protocol traffic to identify and block malformed or suspicious packets targeting port 503.
3. Disable Modbus RTU over TCP USB Function if not required for operational purposes to reduce the attack surface.
4. Monitor device logs and network traffic for unusual or repeated Modbus requests that could indicate exploitation attempts.
5. Engage with Socomec for official patches or firmware updates addressing this vulnerability and plan for timely deployment once available.
6. Implement strict access controls and authentication mechanisms at the network level, such as VPNs or secure tunnels, to limit exposure of industrial devices.
7. Review and update incident response plans to include scenarios involving denial of service attacks on energy metering devices.
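A monitoring sketch for recommendations 1, 2 and 4, added here as an example and not taken from Socomec, Talos or this database: it audits records of traffic to port 503 for sources outside an allowlist, payloads that are not well-formed Modbus RTU frames, and repeated requests from one source. The record layout, the `10.20.0.0/24` allowlist and the burst threshold are assumptions, and the checks are generic protocol hygiene, not a signature for the packet that triggers this CVE.

```python
import ipaddress
from collections import Counter

PORT = 503  # Modbus RTU over TCP port named in the advisory

def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame_problem(payload: bytes):
    """Return why a payload is not a well-formed RTU frame, or None."""
    if len(payload) < 4:    # address + function code + 2 CRC bytes
        return "frame shorter than minimum RTU ADU"
    if len(payload) > 256:  # maximum RTU ADU size
        return "frame longer than maximum RTU ADU"
    # The CRC trails the frame, low byte first.
    if crc16_modbus(payload[:-2]) != (payload[-2] | (payload[-1] << 8)):
        return "CRC mismatch"
    return None

def audit(records, allowed_nets, burst_threshold=3):
    """records: (src_ip, dst_port, payload) tuples; returns sorted findings."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings, per_source = set(), Counter()
    for src, dport, payload in records:
        if dport != PORT:
            continue  # only traffic to the Modbus RTU over TCP port is audited
        per_source[src] += 1
        if not any(ipaddress.ip_address(src) in n for n in nets):
            findings.add((src, "source outside Modbus allowlist"))
        problem = frame_problem(payload)
        if problem:
            findings.add((src, problem))
    for src, count in per_source.items():
        if count >= burst_threshold:
            findings.add((src, f"{count} requests to port {PORT} in window"))
    return sorted(findings)

# Constructed sample records (not captured traffic); addresses are assumptions.
GOOD = bytes.fromhex("010300000001840a")  # read-holding-registers request
SAMPLE = [("10.20.0.5", 503, GOOD), ("192.0.2.44", 503, GOOD),
          ("10.20.0.9", 503, GOOD[:-1] + b"\x00"), ("10.20.0.9", 503, b"\x01\x03"),
          ("10.20.0.9", 503, GOOD), ("192.0.2.44", 502, b"")]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["10.20.0.0/24"]):
        print(finding)
```
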
Affected Countries
France, Germany, Italy, Spain, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-08-11T15:04:59.033Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692db927f910530b0eb07249
Added to database: 12/1/2025, 3:49:59 PM
Last enriched: 12/8/2025, 5:07:52 PM
Last updated: 1/18/2026, 6:09:06 PM