PT-2025-22415 · Automationdirect · Mb-Gateway

Name of the Vulnerable Software and Affected Versions: AutomationDirect MB-Gateway affected versions not specified Description: The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, ...

SUSE CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

DEBIAN-CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

UBUNTU-CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2024-10918 Stack-based Buffer Overflow in libmodbus library

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2024-10918

CVE-2024-10918 is a stack-based buffer overflow in libmodbus (v3.1.10) that can occur when replying to a Modbus request with an unexpected length, overflowing the buffer allocated for the response. The vulnerability is confirmed in multiple sources (NVD/NVD-listed, Debian DLA 4084-1, and related ...

CVE-2024-10918 Stack-based Buffer Overflow in libmodbus library

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2024-10918

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

libmodbus 安全漏洞

libmodbus is a Modbus library for Linux, Mac OS, FreeBSD and Windows from the individual developer Stéphane Raimbault. A security vulnerability exists in libmodbus version v3.1.10, which stems from a Modbus response buffer overflow...

Schneider Electric Power Logic Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2024-10498)

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in...

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to...

CVE-2022-20685

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

CVE-2022-37301

A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...

CVE-2024-11737

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device...

CVE-2024-22044

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet 3KC9000-8TL75 All versions. Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service...

The vulnerability of the microprogrammed software of the multi-circuit electrical voltage measuring instrument PowerLogic HDPM6000, related to the output operation exceeding the buffer boundaries in memory, allows a hacker to exploit their privileges.

The vulnerability of the microprogrammed software of the multi-circuit electrical voltage measuring instrument PowerLogic HDPM6000 lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to enhance their privileges by...