Researchers have identified six denial-of-service vulnerabilities in the Socomec DIRIS M-70, an industrial gateway used for power monitoring and energy management. Because each flaw can take the gateway offline, they threaten the availability of the critical infrastructure that relies on the device for power monitoring.
Discovery Through Emulation Techniques
The vulnerabilities were found through emulation rather than on-device debugging: with the microcontroller's flash closed to a hardware debugger, the researchers emulated only the thread that handles Modbus protocol communication and fuzzed it in isolation, sidestepping the debugging limitations of the physical hardware and narrowing the search to the code that actually parses attacker-controlled input.
The M-70 communicates over both RS485 and Ethernet and speaks Modbus RTU, Modbus TCP, BACnet/IP, and SNMP. The research targeted firmware version 1.6.9, which can be exploited remotely without authentication; Modbus TCP itself carries no authentication, so any host that can reach the device's Modbus port can deliver the triggering frames.
Implications for Critical Sectors
These vulnerabilities pose a substantial risk to data centers, healthcare facilities, and other critical infrastructure where continuous energy management is essential. A successful attack could disrupt monitoring, cause outages, and potentially damage equipment.
Cisco Talos researchers, confronted with Code Read-out Protection Level 1 on the device's STM32 microcontroller (which blocks debugger reads of internal flash), built a targeted emulation harness on the Unicorn Engine framework that runs only the Modbus processing thread so it could be fuzzed without the physical hardware. Because Unicorn emulates the CPU alone, the peripherals and RTOS services that thread touches have to be stubbed or hooked, which is the trade-off that makes isolating a single thread practical.
Vulnerability Details and Mitigation
The fuzzing campaign turned up six vulnerabilities, each scored CVSS v3.1 7.5 (High), consistent with a network-reachable, unauthenticated, availability-only impact (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Their CVE identifiers fall between CVE-2025-54848 and CVE-2025-55222, which are the endpoints of the set rather than a contiguous block. Each can be triggered by a crafted Modbus message that leaves the device in a denial-of-service condition.
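The kind of crafted-frame campaign described above, as an added example that is not code from Talos or Socomec: the Python below builds Modbus TCP frames, parses them with the consistency checks a device-side parser should enforce before trusting any field, and runs a small mutation fuzzer against that parser, counting clean rejects separately from uncaught exceptions (which, in firmware, would be the hang or reset behind a DoS finding). The wire layout is the public Modbus TCP specification; the seed request, the mutation strategies and the per-function limits are my own construction for illustration, and the specific malformations behind the M-70 CVEs are not disclosed here, so nothing in it reproduces them.

```python
"""Modbus TCP frame building, defensive parsing, and a small mutation fuzzer.
Added example, not Talos's harness or Socomec's firmware. Wire format per the
public Modbus TCP spec; seed request, mutations and limits are constructed here."""
import random
import struct

MBAP_LEN = 7    # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260   # Modbus TCP maximum ADU: 7-byte MBAP header + 253-byte PDU


class ModbusFrameError(ValueError):
    """Raised for any frame the parser refuses; callers drop the frame and carry on."""


def build_request(tid: int, unit_id: int, function: int, data: bytes) -> bytes:
    """Assemble a well-formed Modbus TCP request (MBAP header followed by the PDU)."""
    pdu = bytes([function]) + data
    # The length field counts the unit id plus the PDU, not the first six MBAP bytes.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def parse_modbus_tcp(frame: bytes) -> dict:
    """Validate one ADU before trusting any field; inconsistent frames are rejected."""
    if len(frame) < MBAP_LEN + 1:
        raise ModbusFrameError("frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        raise ModbusFrameError("frame exceeds the 260-byte ADU limit")
    tid, pid, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ModbusFrameError(f"protocol id {pid} is not Modbus")
    # A length field that disagrees with the bytes actually received is the classic
    # trigger for over-reads in naive parsers, so check it before touching the PDU.
    if length != len(frame) - 6:
        raise ModbusFrameError(f"length field {length} != {len(frame) - 6} bytes present")
    function, data = frame[MBAP_LEN], frame[MBAP_LEN + 1:]
    result = {"transaction_id": tid, "unit_id": unit_id, "function": function}
    if function in (1, 2, 3, 4):  # read coils / discrete inputs / holding / input registers
        if len(data) != 4:
            raise ModbusFrameError(f"function {function} needs 4 data bytes, got {len(data)}")
        address, quantity = struct.unpack(">HH", data)
        limit = 2000 if function in (1, 2) else 125   # per-request maxima from the spec
        if not 1 <= quantity <= limit:
            raise ModbusFrameError(f"quantity {quantity} outside 1..{limit}")
        result.update(address=address, quantity=quantity)
    else:
        result["data"] = data   # other function codes are passed through unparsed here
    return result


def is_rejected(frame: bytes) -> bool:
    """True when the parser cleanly refuses a frame, False when it accepts it."""
    try:
        parse_modbus_tcp(frame)
    except ModbusFrameError:
        return True
    return False


def mutate(frame: bytes, rng: random.Random) -> bytes:
    """Apply one structural mutation of the kind a protocol fuzzer generates."""
    buf = bytearray(frame)
    choice = rng.randrange(5)
    if choice == 0 and buf:                          # flip one byte anywhere
        buf[rng.randrange(len(buf))] ^= rng.randrange(1, 256)
    elif choice == 1 and len(buf) >= 6:              # lie in the MBAP length field
        struct.pack_into(">H", buf, 4, rng.choice([0, 1, 0xFFFF, rng.randrange(65536)]))
    elif choice == 2 and len(buf) > 1:               # truncate mid-frame
        del buf[rng.randrange(1, len(buf)):]
    elif choice == 3:                                # append junk, sometimes past MAX_ADU
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 300)))
    elif len(buf) >= MBAP_LEN + 5:                   # oversize quantity in a read request
        struct.pack_into(">H", buf, MBAP_LEN + 3, 0xFFFF)
    return bytes(buf)


def fuzz(seed_frame: bytes, iterations: int, seed: int = 1) -> dict:
    """Feed stacked mutations to the parser; anything but accept/reject is a crash."""
    rng = random.Random(seed)
    stats = {"accepted": 0, "rejected": 0, "crashed": 0}
    for _ in range(iterations):
        frame = seed_frame
        for _ in range(rng.randrange(1, 4)):
            frame = mutate(frame, rng)
        try:
            parse_modbus_tcp(frame)
            stats["accepted"] += 1
        except ModbusFrameError:
            stats["rejected"] += 1
        except Exception:   # IndexError, struct.error, ... would be a hang or reset in firmware
            stats["crashed"] += 1
    return stats


# Constructed seed: read 10 holding registers starting at address 0 from unit 1.
SEED_REQUEST = build_request(tid=1, unit_id=1, function=3, data=struct.pack(">HH", 0, 10))

if __name__ == "__main__":
    print(parse_modbus_tcp(SEED_REQUEST))
    print(fuzz(SEED_REQUEST, 5000))
```

Run as a script to see the parsed seed and the fuzz statistics. A parser that ever reports a non-zero crashed count has exactly the class of bug a campaign like Talos's is built to surface; against real hardware the same mutated frames would be sent over TCP to the device under test, with a liveness probe after each one, rather than to an in-process parser.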
Socomec has responded by releasing fixed firmware for all affected products. Operators running version 1.6.9 should upgrade to version 1.7 or later. Where patching has to wait, deploying the corresponding Snort detection rules can flag exploitation attempts on the network, and restricting which hosts can reach the gateway's Modbus TCP interface limits who can send the crafted frames in the first place.
This research underscores the efficacy of targeted emulation for discovering vulnerabilities, emphasizing the need for comprehensive security measures in industrial environments.
