Unprecedented Emulation Breakthrough Unlocks Vulnerabilities in Critical IoT Gateway
TL;DR: Cisco Talos researchers have utilized innovative emulation techniques to reveal critical vulnerabilities in the Socomec DIRIS M-70 gateway, leading to the identification of six denial-of-service CVEs. The approach effectively bypassed hardware-level protections, demonstrating a viable method for assessing industrial IoT device security.
Cisco Talos researchers tackled the Socomec DIRIS M-70 gateway, an industrial IoT device crucial for energy management, by devising an emulation technique that worked around the limits imposed by its code read-out protection (RDP). Instead of attempting to emulate the entire system, a resource-intensive process, the researchers focused on the single thread that handles the Modbus protocol. This narrow scope let them conduct substantial vulnerability research while keeping the emulation manageable, using tools like the Unicorn Engine and AFL for coverage-guided fuzzing.
Their efforts revealed six critical CVEs related to denial-of-service vulnerabilities, all duly reported and patched through Cisco’s Coordinated Disclosure Policy. This discovery is significant since the DIRIS M-70 impacts critical infrastructure sectors, including healthcare and data centers, where security breaches could lead to severe operational disruptions and financial losses.
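As an added illustration of the defensive side of the Modbus handling discussed above (this is constructed example code, not Talos's harness or Socomec's firmware, and it makes no assumption about the specific DIRIS M-70 defects), the following Modbus/TCP parser refuses frames whose length fields or quantities disagree with what is actually on the wire, the class of input a fuzzer would feed to such a thread:

```python
import struct
from dataclasses import dataclass

MBAP_LEN = 7   # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_ADU = 260  # Modbus/TCP ADU upper bound: 7-byte MBAP header + 253-byte PDU

@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes

class MalformedFrame(ValueError):
    """Raised for any frame a hardened handler should drop rather than process."""

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request ADU, rejecting inconsistent or oversized fields.

    Every check is a bounds check a naive parser might delegate to the client;
    trusting the wire 'length' field is the classic way a handler over-reads
    its buffer or sizes an allocation from attacker-controlled input.
    """
    if len(frame) > MAX_ADU:
        raise MalformedFrame(f"ADU of {len(frame)} bytes exceeds {MAX_ADU}")
    if len(frame) < MBAP_LEN + 1:  # header plus at least a function code
        raise MalformedFrame("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise MalformedFrame(f"protocol id {proto} is not Modbus (0)")
    # 'length' counts unit id + PDU, so it must match exactly the bytes after it.
    if length != len(frame) - 6:
        raise MalformedFrame(f"length field {length} != {len(frame) - 6} bytes present")
    function = frame[MBAP_LEN]
    if function == 0 or function & 0x80:  # 0 is invalid; high bit marks exception responses
        raise MalformedFrame(f"function code 0x{function:02x} not valid in a request")
    pdu_data = frame[MBAP_LEN + 1:]
    # Read requests (FC 1-4) carry exactly a 16-bit address and a 16-bit quantity.
    if function in (1, 2, 3, 4) and len(pdu_data) != 4:
        raise MalformedFrame(f"function {function} expects 4 data bytes, got {len(pdu_data)}")
    if function in (3, 4):
        _, quantity = struct.unpack(">HH", pdu_data)
        if not 1 <= quantity <= 125:  # spec limit for a single register read
            raise MalformedFrame(f"register quantity {quantity} outside 1..125")
    return ModbusRequest(tid, unit, function, pdu_data)

def is_well_formed(frame: bytes) -> bool:
    """Convenience predicate: True if the frame passes every check above."""
    try:
        parse_modbus_tcp(frame)
        return True
    except MalformedFrame:
        return False
```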
Why this matters: The vulnerabilities identified in industrial IoT devices like the DIRIS M-70 highlight the urgent need for improved security measures in critical infrastructure. If left unaddressed, such weaknesses can lead to catastrophic failures and manipulation of essential services.
Implementing robust threat intelligence processes alongside SIEMs can greatly enhance real-time monitoring of vulnerabilities. Regular vulnerability scanning and prompt patch management are essential strategies to mitigate risks associated with such IoT devices.
Indicators of Compromise (IOCs): The identified vulnerabilities were assigned the following Talos advisories and CVEs:
– TALOS-2025-2248 (CVE-2025-54848, CVE-2025-54849, CVE-2025-54850, CVE-2025-54851)
– TALOS-2025-2251 (CVE-2025-55221, CVE-2025-55222)
These issues necessitate an immediate upgrade to security practices for devices operating in industrial environments.