Description
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
Published: 2026-05-12
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a race condition in the CODESYS Modbus TCP Server stack that causes the server to fail to correctly manage available TCP connections. An unauthenticated attacker can exploit this flaw to exhaust all connection slots, resulting in legitimate clients being unable to establish new connections. This flaw maps to CWE-772: Improper Management of Resource Decay.

Affected Systems

The affected vendor is CODESYS and the product is CODESYS Modbus. No specific version information is provided in the available data, so the scope could apply to any installation that includes the Modbus TCP Server stack.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity level and the lack of an EPSS score means the current probability of exploitation is unknown. The vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector is remote and does not require authentication; an attacker would issue crafted traffic or flood the server with connection attempts to trigger the race condition and exhaust resources.

Generated by OpenCVE AI on May 12, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or firmware release that resolves the race condition in the Modbus TCP server connection handling.
  • Limit the maximum number of concurrent TCP connections for the Modbus service through configuration or policy to cap the resource usage.
  • Deploy network monitoring or firewall rules to detect repeated or abnormal connection attempts and block suspected malicious IPs.

Advisories

No advisories yet.

History

Tue, 12 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Codesys codesys
Vendors & Products | | Codesys codesys

Tue, 12 May 2026 07:30:00 +0000

Type | Values Removed | Values Added
Description | | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
Title | | Improper resource management in CODESYS Modbus TCP Server
First Time appeared | | Codesys; Codesys codesys Modbus
Weaknesses | | CWE-772
CPEs | | cpe:2.3:a:codesys:codesys_modbus:*:*:*:*:*:*:*:*
Vendors & Products | | Codesys; Codesys codesys Modbus
References | |
Metrics | | cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-05-12T07:14:41.517Z

Reserved: 2026-04-01T19:54:21.499Z

Link: CVE-2026-35227

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-12T08:16:08.193

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-35227

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T08:45:11Z