Cyber Resilience

CVE-2024-48882

High

Published: 01 December 2025
Modified: 05 December 2025
KEV Added: not listed
CVSS Score v3.1: 8.6 (High) · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score: 0.0008 (22.7th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48882 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Socomec DIRIS M-70 firmware (affected version 1.6.9). Its CVSS v3.1 base score is 8.6 (High).

Exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004, a sub-technique of Endpoint Denial of Service). EPSS ranks the CVE at the 22.7th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2024-48882 is a denial-of-service vulnerability in the Modbus TCP service of the Socomec DIRIS Digiware M-70 running firmware 1.6.9. Processing a specially crafted network packet causes the service to fail. No authentication is required: Modbus TCP carries no authentication layer, so any host that can reach the device's Modbus port (TCP/502 by default) can deliver the packet directly to the affected component.

A remote attacker with network access to the device can therefore exploit it without privileges or user interaction. Successful exploitation disrupts availability, reflected in the CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). The changed scope (S:C) indicates impact beyond the Modbus TCP service itself, that is, on the metering device as a whole and on systems that depend on its data. The weakness is classified as CWE-306 (Missing Authentication for Critical Function).

Mitigation details are available in the Cisco Talos Intelligence report (TALOS-2024-2119) and the official Socomec advisory document, which address patches and remediation steps for the DIRIS Digiware M-70.

Vulnerability details

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

CWE(s)

CWE-306 Missing Authentication for Critical Function

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote, unauthenticated denial of service via a specially crafted Modbus TCP packet. Crashing the service through a software flaw is Endpoint Denial of Service (T1499) carried out through its Application or System Exploitation sub-technique (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55221 · Same product: Socomec Diris M-70
CVE-2025-23417 · Same product: Socomec Diris M-70
CVE-2025-55222 · Same product: Socomec Diris M-70
CVE-2025-26858 · Same product: Socomec Diris M-70
CVE-2024-53684 · Same product: Socomec Diris M-70
CVE-2025-15620 · Shared CWE-306
CVE-2018-25241 · Shared CWE-306
CVE-2019-25686 · Shared CWE-306
CVE-2018-25246 · Shared CWE-306
CVE-2026-0545 · Shared CWE-306

Affected Assets

Vendor: socomec
Product: diris m-70 firmware
Version: 1.6.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent · SC-5 Denial-of-service Protection

Directly protects the system from denial-of-service effects triggered by specially crafted unauthenticated Modbus TCP packets.

prevent

Validates incoming network packet content against the Modbus TCP framing rules and rejects malformed frames before they reach the device's own Modbus stack.

prevent · SC-7 Boundary Protection

Enforces boundary controls to monitor, filter, or rate-limit traffic to the exposed Modbus TCP service (TCP/502 by default), so crafted packets from untrusted hosts never reach the vulnerable component.
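The description of the flaw above (an unauthenticated Modbus TCP packet reaching the device) and the two controls just listed are easiest to reason about with the protocol in front of you. The following is an added example written for this page, not code from Socomec, Talos or the page itself. It implements the front end a gateway or firewall could place ahead of a DIRIS Digiware M-70: a structural validator for Modbus/TCP ADUs (MBAP header, length field, function code, read-quantity bounds) and a boundary filter that only admits frames from an allowlist of Modbus masters, with a per-source token bucket. The master address 10.0.10.5, the attacker address 192.0.2.77, the rate and burst values, and all sample frames are constructed for the example; the actual packet from TALOS-2024-2119 is not described on this page and is not reproduced.

```python
"""Front-end validation and boundary filtering of Modbus/TCP (added example).

Illustrative code written for this page, not Socomec's or Talos's: (1) structural
validation of each Modbus/TCP ADU against the protocol's framing rules, and
(2) an allowlist of Modbus masters with a per-source token bucket on TCP/502.
Addresses, limits and sample frames are constructed for the example.
"""
import struct
import time
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Optional

MBAP_LEN = 7           # transaction id(2) + protocol id(2) + length(2) + unit id(1)
MAX_PDU = 253          # function code + at most 252 data bytes
MAX_ADU = MBAP_LEN + MAX_PDU   # 260 bytes on the wire
REQUEST_FUNCTION_CODES = set(range(1, 128))   # 128..255 are exception responses
READ_LIMITS = {1: 2000, 2: 2000, 3: 125, 4: 125}  # max quantity per read function

Frame = namedtuple("Frame", "transaction_id unit_id function_code data")


def parse_modbus_tcp(adu: bytes) -> Frame:
    """Validate one complete Modbus/TCP request ADU; raise ValueError if malformed."""
    if len(adu) < MBAP_LEN + 1:
        raise ValueError("ADU shorter than MBAP header plus function code")
    if len(adu) > MAX_ADU:
        raise ValueError(f"ADU of {len(adu)} bytes exceeds the {MAX_ADU}-byte maximum")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol identifier {proto} is not Modbus (0)")
    # The length field counts unit id + PDU, so it must equal the bytes after it.
    if length != len(adu) - 6:
        raise ValueError(f"length field {length} does not match {len(adu) - 6} trailing bytes")
    fc, data = adu[MBAP_LEN], adu[MBAP_LEN + 1:]
    if fc not in REQUEST_FUNCTION_CODES:
        raise ValueError(f"function code {fc} is not a valid request code")
    if fc in READ_LIMITS:
        if len(data) != 4:
            raise ValueError("read request data must be address(2) + quantity(2)")
        _, quantity = struct.unpack(">HH", data)
        if not 1 <= quantity <= READ_LIMITS[fc]:
            raise ValueError(f"quantity {quantity} out of range for function {fc}")
    return Frame(tid, unit, fc, data)


@dataclass
class ModbusFrontEnd:
    """Allowlist and per-source token bucket first, then structural validation."""
    allowed_sources: set
    rate: float = 10.0     # sustained requests per second per source (assumed)
    burst: int = 5         # bucket capacity (assumed)
    _buckets: dict = field(default_factory=dict)

    def _take_token(self, src: str, now: float) -> bool:
        tokens, last = self._buckets.get(src, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self._buckets[src] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def decide(self, src: str, adu: bytes, now: Optional[float] = None) -> tuple:
        """Return ('forward', Frame) or ('drop', reason) for one frame from src."""
        now = time.monotonic() if now is None else now
        if src not in self.allowed_sources:
            return ("drop", f"{src} is not an allowed Modbus master")
        if not self._take_token(src, now):
            return ("drop", f"{src} exceeded {self.rate}/s rate limit")
        try:
            return ("forward", parse_modbus_tcp(adu))
        except ValueError as exc:
            return ("drop", f"malformed frame: {exc}")


def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Assemble a well-formed ADU (used only to construct the samples below)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample frames, not captured traffic.
GOOD = build_request(1, 1, 3, struct.pack(">HH", 0x0000, 10))       # read 10 holding registers
BAD_PROTO = bytes.fromhex("0001 0001 0006 01 03 0000 000a")         # protocol id 1, not 0
BAD_LENGTH = bytes.fromhex("0002 0000 00ff 01 03 0000 000a")        # length says 255, 6 follow
EXCEPTION_AS_REQUEST = build_request(3, 1, 0x83, b"\x02")           # exception code sent inbound
TOO_MANY_REGS = build_request(4, 1, 3, struct.pack(">HH", 0, 200))  # quantity above 125


def run_demo() -> list:
    """Feed the samples through a front end; return the list of (verdict, detail)."""
    fe = ModbusFrontEnd(allowed_sources={"10.0.10.5"}, rate=10.0, burst=5)
    t = 1000.0
    traffic = [("10.0.10.5", GOOD), ("10.0.10.5", BAD_PROTO), ("10.0.10.5", BAD_LENGTH),
               ("10.0.10.5", EXCEPTION_AS_REQUEST), ("10.0.10.5", TOO_MANY_REGS),
               ("192.0.2.77", GOOD)]
    out = [fe.decide(src, adu, t) for src, adu in traffic]
    out.append(fe.decide("10.0.10.5", GOOD, t))        # 6th frame at once: bucket is empty
    out.append(fe.decide("10.0.10.5", GOOD, t + 1.0))  # one second later: bucket refilled
    return out
```

Calling run_demo() forwards the well-formed read and the refilled-bucket read, and drops the frame with a non-zero protocol identifier, the frame whose length field disagrees with its size, the inbound exception code, the over-range register count, the frame from the unlisted source, and the sixth frame in the burst. The caveat a practitioner should keep in mind: the page does not say what makes the Talos packet "specially crafted", so a syntactically valid frame may still trigger the fault and structural validation alone cannot be relied on. The allowlist holds regardless of packet content, which is why SC-7 boundary protection is the control to deploy until the fixed firmware from the Socomec advisory is installed.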