CVE-2010-4709
published 2011-01-28


Priority: P3 · 56 · high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploit: public PoC available
EPSS: 16.20% (96.5th percentile)
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.

Affected

34 ranges on the source page (25 shown); every row names the same vendor and product, and only the first carries a version bound.

Vendor              Product                        Version range   Fixed in
automatedsolutions  modbus_tcp_master_opc_server   <= 3.0.1        3.0.2 (the description states versions before 3.0.2 are affected)

Detection & IOCs (extracted from sources)

port: 502/tcp (Modbus/TCP)
bytes (Modbus/TCP response; MBAP length field parses as 0x0201 = 513 although only 4 bytes follow the unit identifier):
\x00\x00\x00\x00\x02\x01\x00\x03\x02\x00\x00
bytes (crafted Modbus/TCP response; MBAP length field 0x02b0 = 688 with the same 4-byte PDU, function 0x03, byte count 2):
\x00\x00\x00\x00\x02\xb0\x00\x03\x02\x00\x00
  • Flag any Modbus/TCP response whose MBAP length field (bytes 5-6 of the header, counting from 1; the two bytes that follow the protocol identifier) does not match the number of bytes actually present after it. A length field of 0x02b0 (688) on a response that carries only a 2-byte register payload, as in the second byte string above, is a strong indicator of an exploitation attempt against this server.
  • Monitor the Automated Solutions Modbus/TCP Master OPC Server process for heap corruption. A heap-verifier message such as "Heap block at 0035F2D0 modified at 0035F4E7 past requested size of 20f" (the output recorded in the PoC; 0x35F4E7 - 0x35F2D0 = 0x217, eight bytes beyond the 0x20f-byte allocation) is a direct indicator that the overflow was triggered.
  • The PoC attributes the out-of-bounds write to the REP STOS instruction at 0x0040832C in the OPC server binary. A crash or access violation at that address indicates exploitation of the heap overflow via the crafted length field.
  • Affects versions before 3.0.2. The PoC was tested on version 3 running on Windows.
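As an added illustration, not code from this page's sources or from the vendor: a small Python checker that parses the MBAP header and flags the length-field inconsistency the first IOC note describes. The two byte strings listed above are embedded as-is; the well-formed Read Holding Registers response used for contrast is constructed here. The 254-byte ceiling on the length field follows from the 260-byte maximum Modbus/TCP ADU. Under this parse both listed byte strings carry a length field far larger than the frame (0x0201 and 0x02b0), so the checker flags both; only the second is the 0x02b0 value the note cites.

```python
import struct

# Modbus/TCP MBAP header (7 bytes): transaction id (2), protocol id (2),
# length (2), unit id (1). The length field counts the unit id plus the PDU.
MBAP_LEN = 7
MODBUS_PORT = 502
# A Modbus/TCP ADU is at most 260 bytes, so a legitimate length field
# (everything after the first 6 header bytes) never exceeds 254.
MAX_LENGTH_FIELD = 254

# Byte strings listed on this page as IOCs for CVE-2010-4709 (copied as-is).
IOC_RESPONSE_A = b"\x00\x00\x00\x00\x02\x01\x00\x03\x02\x00\x00"
IOC_RESPONSE_B = b"\x00\x00\x00\x00\x02\xb0\x00\x03\x02\x00\x00"
# Constructed for contrast: a well-formed Read Holding Registers response
# (function 0x03) returning one register, so the length field is
# unit(1) + function(1) + byte count(1) + data(2) = 5.
GOOD_RESPONSE = b"\x00\x01\x00\x00\x00\x05\x01\x03\x02\x00\x00"


def parse_mbap(frame: bytes) -> dict:
    """Decode one Modbus/TCP frame and list every way its header is inconsistent.

    Returns the header fields plus a 'reasons' list; an empty list means the
    frame passed every check.
    """
    if len(frame) < MBAP_LEN:
        return {"length": None, "actual": len(frame), "function": None,
                "reasons": ["frame shorter than the 7-byte MBAP header"]}
    txid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    pdu = frame[MBAP_LEN:]
    actual = 1 + len(pdu)  # unit id + PDU: the bytes the length field must describe
    reasons = []
    if proto != 0:
        reasons.append(f"protocol id {proto:#06x} is not Modbus (0x0000)")
    if not pdu:
        reasons.append("no PDU after the header")
    if length > MAX_LENGTH_FIELD:
        reasons.append(f"length field {length} ({length:#06x}) exceeds the 254-byte maximum")
    if length != actual:
        reasons.append(f"length field {length} ({length:#06x}) != {actual} bytes present on the wire")
    return {"txid": txid, "proto": proto, "length": length, "unit": unit,
            "function": pdu[0] if pdu else None, "actual": actual,
            "reasons": reasons}


def is_suspicious(frame: bytes) -> bool:
    """True when the frame fails at least one header check."""
    return bool(parse_mbap(frame)["reasons"])


def scan(frames):
    """Return (index, reasons) for every frame in a capture that fails a check."""
    return [(i, parse_mbap(f)["reasons"]) for i, f in enumerate(frames)
            if is_suspicious(f)]


if __name__ == "__main__":
    samples = [("IOC A", IOC_RESPONSE_A), ("IOC B", IOC_RESPONSE_B),
               ("well-formed", GOOD_RESPONSE)]
    for name, frame in samples:
        r = parse_mbap(frame)
        verdict = "ALERT" if r["reasons"] else "ok"
        print(f"{name:12s} length={r['length']:#06x} actual={r['actual']} -> {verdict}")
        for reason in r["reasons"]:
            print(f"    {reason}")
```

The length-versus-bytes-present comparison is the check that matters for this CVE; the 254-byte ceiling is cheaper and catches the 0x02b0 case on its own, but it misses a length field that is wrong yet small, so keep both. On a live sensor the same logic applies to each TCP segment reassembled on port 502 in the server-to-master direction, since the vulnerable component is the Modbus master consuming responses.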