Lucene search

VulDBCVELIST:CVE-2022-4856

HistoryDec 30, 2022 - 9:02 a.m.

CVE-2022-4856 Modbus Tools Modbus Slave mbs File mbslave.exe buffer overflow

2022-12-3009:02:47

CWE-120

VulDB

www.cve.org

modbus tools

modbus slave

file handler

buffer overflow

remote attack

vdb-217021

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "Modbus Tools",
    "product": "Modbus Slave",
    "versions": [
      {
        "version": "7.5.0",
        "status": "affected"
      },
      {
        "version": "7.5.1",
        "status": "affected"
      }
    ],
    "modules": [
      "mbs File Handler"
    ]
  }
]

References

github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md

github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs

vuldb.com/?ctiid.217021

vuldb.com/?id.217021