CVE-2019-14462

CRITICAL LAB

libmodbus <3.0.7, <3.1.5 - Info Disclosure

Title source: llm

Description

An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.

Exploits (1)

nomisec WORKING POC

by spanwich · poc

https://github.com/spanwich/sel4-ics-gateway-demo

View Code ZIP pw:eip

References (5)

[Patch, Third Party Advisory] https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc

[Release Notes, Vendor Advisory] https://libmodbus.org/2019/stable-and-development-releases/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/

Scores

CVSS v3 9.1

EPSS 0.0076

EPSS Percentile 73.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull frosty-goop-poc:asan

docker pull frosty-goop-poc:normal

https://github.com/spanwich/sel4-ics-gateway-demo

View in Library

Details

CWE

CWE-125

Status published

Products (4)

debian/debian_linux 9.0

fedoraproject/fedora 29

fedoraproject/fedora 30

libmodbus/libmodbus < 3.0.7

Published Jul 31, 2019

Tracked Since Feb 18, 2026