CVE-2022-4856

A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs	Third Party Advisory
https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md	Exploit Patch Third Party Advisory
https://vuldb.com/?ctiid.217021	Third Party Advisory
https://vuldb.com/?id.217021	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:modbustools:modbus_slave:*:*:*:*:*:*:*:*

Information

Published : 2022-12-30 02:15

Updated : 2023-01-09 10:21

NVD link : CVE-2022-4856

Mitre link : CVE-2022-4856

JSON object : View

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

Products Affected

modbustools

modbus_slave

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs", "name": "https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md", "name": "https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md", "tags": ["Exploit", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.217021", "name": "https://vuldb.com/?ctiid.217021", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.217021", "name": "https://vuldb.com/?id.217021", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-120"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-4856", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2022-12-30T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:modbustools:modbus_slave:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.5.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T18:21Z"}