Modbus Tools Modbus Slave
Monitor5.5ICS-CERT ICSA-22-088-04Mar 29, 2022
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
A buffer overflow vulnerability exists in Modbus Tools Modbus Slave versions 7.4.2 and earlier. When an invalid registration key is entered, the application crashes due to improper input validation. This denial-of-service condition affects only local users with interactive access to the workstation. The vulnerability is not remotely exploitable.
What this means
What could happen
A local attacker could crash the Modbus Slave application by providing a malicious registration key, causing the monitoring or control interface to become unavailable and disrupting operations that depend on it.
Who's at risk
Operators who run Modbus Slave on engineering workstations or data collection servers in water treatment, electric generation, or other utilities for Modbus device simulation, testing, or protocol translation should prioritize this update.
How it could be exploited
An attacker with local access to the machine running Modbus Slave could supply a specially crafted registration key through the application's input mechanism. This triggers a buffer overflow or memory issue that crashes the process. The attacker must have interactive access to the workstation where Modbus Slave is running.
Prerequisites
- Local access to the computer running Modbus Slave
- Ability to interact with the Modbus Slave application UI
- No elevated privileges required
low complexityaffects monitoring/control availabilitylocal exploitation only
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
Modbus Slave:≤ 7.4.27.4.3
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate Modbus Slave to version 7.4.3 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/40687a14-3b71-4afe-9e59-41f77860b845