Denial of Service Vulnerability in Socomec DIRIS Digiware M-70
CVE-2025-20085

7.2HIGH

Key Information:

Vendor: Socomec
Status: Diris Digiware M-70
Vendor: CVE Published:; 1 December 2025

What is CVE-2025-20085?

A denial of service vulnerability in the Modbus RTU over TCP feature of the Socomec DIRIS Digiware M-70 version 1.6.9 can be exploited through specially crafted network packets. This flaw allows attackers to disrupt service and potentially weaken device security by reverting to default documented credentials. The vulnerability can be triggered by sending unauthenticated packets, making it accessible for malicious entities to undermine the integrity of the system.

Affected Version(s)

DIRIS Digiware M-70 1.6.9

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.socomec.fr/sites/default/files/2025-04/CVE-20...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

Discovered by Kelly Patterson of Cisco Talos.

JSON