CVE-2022-4856 MEDIUM

CVE-2022-4856: Modbus Tools Modbus Slave mbs File mbslave.exe buffer overflow

Vendor Modbus Tools
Product Modbus Slave
Weakness CWE-120
Published December 30, 2022
Last update August 3, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.

Key dates

02Disclosure timeline

December 30, 2022 CVE published
August 3, 2024 Record updated