ID

VAR-202212-2302


CVE

CVE-2022-4856


TITLE

Classic buffer overflow vulnerability in Modbus Tools Modbus Slave

Trust: 0.8

sources: JVNDB: JVNDB-2022-004246

DESCRIPTION

A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability. A classic buffer overflow vulnerability exists in Modbus Tools Modbus Slave. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-4856 // JVNDB: JVNDB-2022-004246 // VULMON: CVE-2022-4856

AFFECTED PRODUCTS

vendor: modbustools
model: modbus slave
scope: lte
version: 7.5.1

Trust: 1.0

vendor: modbus tools
model: slave
scope: eq
version: -

Trust: 0.8

vendor: modbus tools
model: slave
scope: eq
version: 7.5.1 to

Trust: 0.8

sources: JVNDB: JVNDB-2022-004246 // NVD: CVE-2022-4856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-4856
value: HIGH

Trust: 1.0

cna@vuldb.com: CVE-2022-4856
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-4856
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-4127
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-4856
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cna@vuldb.com: CVE-2022-4856
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-4856
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-004246 // CNNVD: CNNVD-202212-4127 // NVD: CVE-2022-4856 // NVD: CVE-2022-4856

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004246 // NVD: CVE-2022-4856

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-4127

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-4127

PATCH

title: Top Page
url: https://www.modbustools.com/

Trust: 0.8

title: Modbus Slave Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=220518

Trust: 0.6

sources: JVNDB: JVNDB-2022-004246 // CNNVD: CNNVD-202212-4127

EXTERNAL IDS

db: NVD, id: CVE-2022-4856

Trust: 3.3

db: VULDB, id: 217021

Trust: 2.5

db: JVNDB, id: JVNDB-2022-004246

Trust: 0.8

db: CNNVD, id: CNNVD-202212-4127

Trust: 0.6

db: VULMON, id: CVE-2022-4856

Trust: 0.1

sources: VULMON: CVE-2022-4856 // JVNDB: JVNDB-2022-004246 // CNNVD: CNNVD-202212-4127 // NVD: CVE-2022-4856

REFERENCES

url:https://github.com/durian1546/vul/blob/main/webray.com.cn/modbus%20slave/modbus%20slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md

Trust: 2.5

url:https://vuldb.com/?id.217021

Trust: 2.5

url:https://github.com/durian1546/vul/blob/main/webray.com.cn/modbus%20slave/poc/poc.mbs

Trust: 1.7

url:https://vuldb.com/?ctiid.217021

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-4856

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-4856/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-4856 // JVNDB: JVNDB-2022-004246 // CNNVD: CNNVD-202212-4127 // NVD: CVE-2022-4856

SOURCES

db: VULMON, id: CVE-2022-4856
db: JVNDB, id: JVNDB-2022-004246
db: CNNVD, id: CNNVD-202212-4127
db: NVD, id: CVE-2022-4856

LAST UPDATE DATE

2024-08-14T14:37:07.547000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-4856, date: 2022-12-30T00:00:00
db: JVNDB, id: JVNDB-2022-004246, date: 2023-04-03T08:18:00
db: CNNVD, id: CNNVD-202212-4127, date: 2023-01-10T00:00:00
db: NVD, id: CVE-2022-4856, date: 2024-05-17T02:16:59.270

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-4856, date: 2022-12-30T00:00:00
db: JVNDB, id: JVNDB-2022-004246, date: 2023-04-03T00:00:00
db: CNNVD, id: CNNVD-202212-4127, date: 2022-12-30T00:00:00
db: NVD, id: CVE-2022-4856, date: 2022-12-30T10:15:09.530