Impact
nanoMODBUS versions up to and including v1.22.0 contain a stack-based buffer overflow in the recv_read_registers_res() routine. When a client calls one of the register-reading functions, the library copies the register data from the Modbus TCP server's response into a caller-supplied buffer using the length given by the response's byte_count field, and only afterwards checks that byte_count matches the quantity that was requested. A malicious server can therefore advertise a byte_count far larger than the request warrants, causing the library to write up to 248 bytes past the end of the buffer and potentially to achieve arbitrary code execution on the client. The flaw is a classic buffer overflow and can be triggered remotely by anyone who controls, or can impersonate, the Modbus TCP server the client talks to; Modbus TCP itself provides no authentication, so a rogue device or an attacker positioned on the network path can deliver the malicious response. Successful exploitation compromises the confidentiality, integrity and availability of the system running the affected library.
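The following C example is added here to make the missing check concrete; it is not nanoMODBUS's own code or API. It models a Read Holding Registers (function 0x03) response parser: unchecked_overrun_bytes() reproduces the unsafe arithmetic (a copy sized by the server's byte_count alone) and reports how far it would spill past a buffer sized for the requested quantity, without actually writing memory, while parse_read_registers_res() is the hardened form that rejects the response before any copy. The status codes, function names and the two constructed frames are hypothetical; the frame layout (7-byte MBAP header, function code, byte_count, big-endian 16-bit registers) is standard Modbus TCP.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Status codes are hypothetical, chosen for this example. */
enum res_status {
    RES_OK = 0,
    RES_ERR_SHORT_FRAME,  /* fewer bytes than MBAP header + function + byte_count */
    RES_ERR_FUNCTION,     /* not a Read Holding Registers reply (e.g. an exception) */
    RES_ERR_MBAP_LENGTH,  /* MBAP length field disagrees with bytes received */
    RES_ERR_BYTE_COUNT,   /* byte_count != 2 * requested quantity */
    RES_ERR_TRUNCATED,    /* byte_count promises more data than was received */
    RES_ERR_OUTBUF        /* caller's buffer cannot hold `quantity` registers */
};

#define MBAP_LEN        7     /* txn id(2) + proto id(2) + length(2) + unit id(1) */
#define FC_READ_HOLDING 0x03
#define MAX_REGS        125   /* protocol maximum per Read Holding Registers request */

/* Model of the unsafe path: a copy sized by the server's byte_count alone.
 * Returns how many bytes it would write past a buffer sized for `quantity`
 * registers (0 when nothing would spill). No memory is written here. */
size_t unchecked_overrun_bytes(const uint8_t *frame, size_t frame_len, uint16_t quantity)
{
    if (frame_len < MBAP_LEN + 2) return 0;
    size_t byte_count = frame[MBAP_LEN + 1];
    size_t expected   = (size_t)quantity * 2;
    return byte_count > expected ? byte_count - expected : 0;
}

/* Hardened parser: the copy length is derived from what the caller requested
 * and from bytes actually present, never from byte_count on its own. */
enum res_status parse_read_registers_res(const uint8_t *frame, size_t frame_len,
                                         uint16_t quantity, uint16_t *out, size_t out_regs)
{
    if (quantity == 0 || quantity > MAX_REGS || out_regs < quantity)
        return RES_ERR_OUTBUF;
    if (frame_len < MBAP_LEN + 2)
        return RES_ERR_SHORT_FRAME;
    if (frame[MBAP_LEN] != FC_READ_HOLDING)
        return RES_ERR_FUNCTION;
    size_t mbap_length = ((size_t)frame[4] << 8) | frame[5];  /* bytes after the length field */
    if (mbap_length != frame_len - 6)
        return RES_ERR_MBAP_LENGTH;
    size_t byte_count = frame[MBAP_LEN + 1];
    if (byte_count != (size_t)quantity * 2)       /* the check the vulnerable path lacked */
        return RES_ERR_BYTE_COUNT;
    if (frame_len < MBAP_LEN + 2 + byte_count)
        return RES_ERR_TRUNCATED;
    const uint8_t *data = frame + MBAP_LEN + 2;
    for (size_t i = 0; i < quantity; i++)        /* registers are big-endian */
        out[i] = (uint16_t)(((uint16_t)data[2 * i] << 8) | data[2 * i + 1]);
    return RES_OK;
}

/* Constructed benign reply to a request for 2 registers: values 42 and 300. */
const uint8_t GOOD_RESPONSE[] = {0x00,0x01, 0x00,0x00, 0x00,0x07, 0x11,
                                 FC_READ_HOLDING, 0x04, 0x00,0x2A, 0x01,0x2C};
const size_t GOOD_RESPONSE_LEN = sizeof GOOD_RESPONSE;

/* Constructed forged reply: the client asked for 1 register (a 2-byte buffer)
 * but the server advertises byte_count = 250, the maximum for 125 registers.
 * MBAP length = unit id + function + byte_count + 250 data bytes = 253 (0xFD). */
size_t build_forged_response(uint8_t *buf, size_t cap)
{
    const size_t data_len = 250;
    const size_t total    = MBAP_LEN + 2 + data_len;   /* 259 bytes */
    if (cap < total) return 0;
    const uint8_t hdr[] = {0x00,0x02, 0x00,0x00, 0x00,0xFD, 0x11, FC_READ_HOLDING, 0xFA};
    memcpy(buf, hdr, sizeof hdr);
    memset(buf + sizeof hdr, 0x41, data_len);          /* attacker-controlled payload */
    return total;
}

int main(void)
{
    uint16_t regs[2] = {0, 0};
    uint8_t forged[300];
    size_t n = build_forged_response(forged, sizeof forged);

    int st = parse_read_registers_res(GOOD_RESPONSE, GOOD_RESPONSE_LEN, 2, regs, 2);
    printf("benign: status=%d regs=%u,%u\n", st, regs[0], regs[1]);

    size_t spill = unchecked_overrun_bytes(forged, n, 1);
    st = parse_read_registers_res(forged, n, 1, regs, 1);
    printf("forged: unchecked copy would overrun by %zu bytes; hardened status=%d\n", spill, st);
    return 0;
}
```

With a one-register request and the maximum byte_count of 250, the unchecked model reports a 248-byte spill, which is the figure the advisory gives; the hardened parser returns RES_ERR_BYTE_COUNT on the same frame before touching the output buffer. Checking the MBAP length field against the bytes actually received, and byte_count against both the request and the frame length, closes the truncated-frame case as well as the oversized one.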
Affected Systems
The affected product is the nanoMODBUS library; any build with version number 1.22.0 or earlier is vulnerable. No specific vendor is listed in the CNA data, but the library is commonly embedded in industrial control and other embedded systems that communicate over Modbus TCP, so any such device or application that links the affected versions and acts as a Modbus TCP client inherits the flaw.
Risk and Exploitability
The CVSS score is 8.2, indicating high severity. The EPSS score is unavailable, so the probability of exploitation remains uncertain. The vulnerability is not listed in the CISA KEV catalog, so no in-the-wild exploitation has been cataloged there; this is not evidence that exploitation is difficult. The attack vector is remote: the attacker must control, or be able to impersonate, the Modbus TCP server that the vulnerable client connects to, and then answer a register read with a forged byte_count larger than the requested quantity, triggering the stack-based overflow and potentially remote code execution on the client system.
OpenCVE Enrichment