Description
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length field is set to 255. The overflow corrupts the adjacent buffer-index field of the nanoMODBUS state structure, resulting in denial of service through invalid memory accesses and, on bare-metal and RTOS targets without memory protection, one-byte information disclosure and writes to unintended register addresses on the Write Multiple Registers (FC16) handler path.
Published: 2026-06-14
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an off‑by‑one buffer overflow in the recv_msg_header() function of the Modbus/TCP server in nanoMODBUS. A remote, unauthenticated attacker can send a crafted MBAP frame whose Length field is set to 255, overwriting one byte past the 260‑byte receive buffer. This corrupts the adjacent buffer‑index field in the nanoMODBUS state structure, triggering invalid memory accesses that lead to a denial of service. On bare‑metal and RTOS targets that lack memory protection, the overflow can also expose one byte of adjacent memory and allow writes to unintended register addresses during the Write Multiple Registers (FC16) handler call.
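The length arithmetic behind this off-by-one, shown as an inclusive bounds check on the MBAP header. This is an added example, not nanoMODBUS code and not the project's fix. All function and constant names are hypothetical; it assumes the standard Modbus/TCP layout (a 6-byte prefix followed by the bytes counted by Length) and the 260-byte buffer size quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MBAP_PREFIX_LEN 6u   /* transaction id (2) + protocol id (2) + Length (2) */
#define RX_BUF_SIZE     260u /* receive buffer size quoted in the description */
#define MBAP_MIN_LENGTH 2u   /* assumption: unit id + at least a function code */
#define MBAP_MAX_LENGTH (RX_BUF_SIZE - MBAP_PREFIX_LEN) /* 254 */

typedef enum { MBAP_OK = 0, MBAP_BAD_PROTOCOL, MBAP_TOO_SHORT, MBAP_TOO_LONG } mbap_status;

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Total bytes a frame occupies in the buffer for a given Length value. */
size_t mbap_frame_size(uint16_t length) {
    return (size_t)MBAP_PREFIX_LEN + length;
}

/* Validate the 7-byte MBAP header before reading any of the body. */
mbap_status mbap_check_header(const uint8_t hdr[7]) {
    uint16_t protocol = be16(hdr + 2);
    uint16_t length = be16(hdr + 4);
    if (protocol != 0) return MBAP_BAD_PROTOCOL;          /* Modbus is protocol 0 */
    if (length < MBAP_MIN_LENGTH) return MBAP_TOO_SHORT;
    /* Length 254 fills the 260-byte buffer exactly; 255 needs 261 bytes.
     * The comparison must reject 255, so the accepted maximum is 254. */
    if (length > MBAP_MAX_LENGTH) return MBAP_TOO_LONG;
    return MBAP_OK;
}

/* Constructed sample header (transaction 1, protocol 0, unit 1). */
mbap_status check_with_length(uint16_t length) {
    uint8_t hdr[7] = { 0x00, 0x01, 0x00, 0x00,
                       (uint8_t)(length >> 8), (uint8_t)(length & 0xff), 0x01 };
    return mbap_check_header(hdr);
}

int main(void) {
    const uint16_t samples[] = { 6, 254, 255 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("Length=%u frame=%zu bytes status=%d\n", (unsigned)samples[i],
               mbap_frame_size(samples[i]), (int)check_with_length(samples[i]));
    return 0;
}
```

The same comparison can run in a gateway or proxy in front of an unpatched device, dropping any frame whose Length exceeds 254 before it reaches the server.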

Affected Systems

The issue affects the debevv nanoMODBUS implementation, specifically versions up to and including 1.23.0. The vulnerability originates in the Modbus/TCP server code and thus impacts any deployment of this version that exposes the Modbus/TCP service to network traffic.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. No EPSS score is available yet, so there is no confirmed exploitation data. The vulnerability is not listed in CISA’s KEV catalog. An attacker requires network access to the Modbus/TCP port and does not need authentication; the attack vector is remote over the network. Successful exploitation can cause service interruption and, in environments without memory protection, may reveal memory contents or alter device registers.

Generated by OpenCVE AI on June 14, 2026 at 18:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade nanoMODBUS to a version newer than 1.23.0 that addresses the buffer overflow.
  • If an update cannot be applied, restrict Modbus/TCP traffic to trusted hosts or disable the service on untrusted networks.
  • On bare‑metal or RTOS targets, enable or configure memory protection (e.g., MPU or MPU‑based guard pages) to prevent the overflow from reaching critical memory regions.


Advisories

No advisories yet.

History

Sun, 14 Jun 2026 19:15:00 +0000

Type | Values Removed | Values Added
Title | | Off‑by‑One Buffer Overflow in nanoMODBUS Modbus/TCP Server Allowing Unauthenticated Denial of Service and Information Disclosure

Sun, 14 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Debevv; Debevv nanomodbus
Vendors & Products | | Debevv; Debevv nanomodbus

Sun, 14 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length field is set to 255. The overflow corrupts the adjacent buffer-index field of the nanoMODBUS state structure, resulting in denial of service through invalid memory accesses and, on bare-metal and RTOS targets without memory protection, one-byte information disclosure and writes to unintended register addresses on the Write Multiple Registers (FC16) handler path.
Weaknesses | | CWE-193, CWE-787
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:C'}; cvssV3_1: {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}; cvssV4_0: {'score': 7.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y'}


MITRE

Status: PUBLISHED

Assigner: TuranSec

Published:

Updated: 2026-06-14T17:10:12.275Z

Reserved: 2026-06-13T16:39:46.122Z

Link: CVE-2026-54410

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-14T18:17:20.330

Modified: 2026-06-14T18:17:20.330

Link: CVE-2026-54410

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-14T19:00:08Z

Weaknesses