Buffer Overflow Vulnerability in Socomec DIRIS Digiware M-70 Device
CVE-2025-26858
What is CVE-2025-26858?
CVE-2025-26858 is a buffer overflow vulnerability in the Modbus TCP functionality of the Socomec DIRIS Digiware M-70 device. The DIRIS Digiware M-70 is designed for energy management and monitoring, catering to applications that require precise power quality measurements and control. The vulnerability stems from improper handling of network packets: an attacker can send specially crafted, unauthenticated packets that trigger the flaw. Exploitation could severely disrupt operations by causing a denial of service that leaves the device unresponsive and, by extension, could cause significant downtime for organizations reliant on efficient energy management.
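As an added illustration (not Socomec's code and not taken from the advisory), the sketch below shows the structural validation a monitoring tap or filtering proxy in front of a Modbus TCP device can apply to each request. The advisory does not say which field the M-70 mishandles, so these are the generic length-consistency rules of the Modbus TCP specification; the function names and sample frames are constructed, and each buffer is assumed to hold one reassembled ADU.

```python
import struct

MBAP_LEN = 7                     # transaction id, protocol id, length (2 bytes each) + unit id
MAX_ADU = 260                    # largest Modbus TCP ADU allowed by the specification
MAX_LENGTH_FIELD = MAX_ADU - 6   # length field counts unit id + PDU, so at most 254


def check_frame(adu: bytes) -> list:
    """Return structural problems in one reassembled Modbus TCP ADU (empty list = well-formed)."""
    if len(adu) < MBAP_LEN + 1:
        return ["truncated: no room for MBAP header and function code"]
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:MBAP_LEN])
    problems = []
    if proto != 0:
        problems.append("protocol id %d is not 0" % proto)
    if not 2 <= length <= MAX_LENGTH_FIELD:
        problems.append("length field %d outside 2..%d" % (length, MAX_LENGTH_FIELD))
    if length != len(adu) - 6:
        problems.append("length field %d but %d bytes follow it" % (length, len(adu) - 6))
    pdu = adu[MBAP_LEN:]
    if pdu[0] == 0x10 and len(pdu) >= 6:   # Write Multiple Registers carries its own counts
        qty, byte_count = struct.unpack(">HB", pdu[3:6])
        if not 1 <= qty <= 123 or byte_count != 2 * qty or byte_count != len(pdu) - 6:
            problems.append("write request: quantity/byte count/data disagree")
    return problems


def build(pdu: bytes, length=None, tid=1, unit=1) -> bytes:
    """Construct a test ADU; `length` overrides the honest length field."""
    honest = len(pdu) + 1
    return struct.pack(">HHHB", tid, 0, honest if length is None else length, unit) + pdu


# Constructed sample frames (not captured traffic, not from the advisory).
SAMPLES = {
    "read_ok": build(bytes([0x03, 0x00, 0x00, 0x00, 0x02])),
    "length_lies": build(bytes([0x03, 0x00, 0x00, 0x00, 0x02]), length=0xFFFF),
    "write_ok": build(bytes([0x10, 0, 0, 0, 1, 2, 0xAB, 0xCD])),
    "write_count_lies": build(bytes([0x10, 0, 0, 0, 1, 0xFF, 0xAB, 0xCD])),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, check_frame(frame) or "ok")
```

Frames that fail these checks are worth logging and dropping before they reach the device, independent of whether they relate to this CVE.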
Potential impact of CVE-2025-26858
- Denial of Service: The primary impact of this vulnerability is the potential to crash the DIRIS Digiware M-70 device, resulting in a denial of service. This interruption can halt monitoring and control operations, impacting overall energy management and potentially leading to inefficiencies or increased operational costs.
- Impact on Operational Integrity: Organizations depending on the DIRIS Digiware M-70 for critical energy monitoring may face significant operational disruptions. Such interruptions could hinder their ability to track power quality and consumption effectively, affecting decision-making processes and strategic energy management.
- Broader Network Vulnerabilities: Exploiting this buffer overflow could allow attackers to gain footholds in organizational networks, leading to further vulnerabilities. Although the vulnerability is currently unexploited in the wild, the potential for future exploitation could expose organizations to increased cyber threats and risks, especially in environments where such devices are integrated with other critical systems.
Affected Version(s)
DIRIS Digiware M-70 1.6.9
