CVE-2022-1068
Published 2022-04-01
Priority P337 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.95% (56.7th percentile)
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modbus_tools | modbus_slave | unspecified – 7.4.2 | — |
| modbustools | modbus_slave | < 7.4.3 | 7.4.3 |
CVSS provenance
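| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 5.3 | MEDIUM | — |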
GHSA
GHSA-23h3-jvqq-m7vh: Modbus Tools Modbus Slave (versions 7
ghsa_unreviewed·2022-04-03
CVE-2022-1068 [HIGH] CWE-787 GHSA-23h3-jvqq-m7vh: Modbus Tools Modbus Slave (versions 7
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
Red Hat
OpenJDK: random exponentials issue (Libraries, 8283875)
vendor_redhat·2022-07-19·CVSS 5.3
CVE-2022-21549 [MEDIUM] CWE-1068 OpenJDK: random exponentials issue (Libraries, 8283875)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, th
CISA ICS
Modbus Tools Modbus Slave
cisa_ics·2022-03-29·CVSS 5.5
[MEDIUM] Modbus Tools Modbus Slave
ICS Advisory
## Modbus Tools Modbus Slave
Last Revised: March 29, 2022
Alert Code: ICSA-22-088-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.5
- ATTENTION: Low attack complexity/public exploits are available
- Vendor: Modbus Tools
- Equipment: Modbus Slave
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the application when inputting a registration key.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Modbus Slave, a PLC programming simulation tool, are affected:
- Modbus Slave Versions 7.4.2 a
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-01