CVE-2024-48882

Published Dec 1, 2025

Last updated 6 months ago

CVSS high 8.6
Network

Overview

Description
A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.
Source
talos-cna@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity
HIGH

Weaknesses

talos-cna@cisco.com
CWE-306

Social media

Hype score
Not currently trending

  1. [CVE-2024-48882: HIGH] Denial of Service vulnerability in Socomec DIRIS Digiware M-70 1.6.9 Modbus TCP can be triggered by a crafted network packet, enabling a DoS attack without authentication.#cve,CVE-2024-48882,#cybersecurity https://t.co/HjXjcUjul5 https://t.co/kglPPFOqFK

    @CveFindCom

    1 Dec 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Palo Alto Networks PAN-OS Authentication Bypass VulnerabilityCVE-2026-0257
  2. Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.CVE-2026-40372
  3. A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.CVE-2026-20147
  4. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-33827
  5. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824

References

Sources include official advisories and independent security research.