Improper resource management in CODESYS Modbus TCP Server
Details
CVSS v4
8.2
NVD published
2026-05-12 08:16:08
Affected versions
All vulnerable versions of the CODESYS Modbus TCP Server stack
Summary
This vulnerability is caused by improper resource management and an unhandled race condition in connection handling for the CODESYS Modbus TCP Server. An unauthenticated remote attacker can exploit this flaw to exhaust all available TCP connections on the affected server. This prevents legitimate clients from establishing new connections, causing a denial of service for industrial operations.
Remediation
Update the CODESYS Modbus TCP Server stack to the latest patched version from CODESYS or your device vendor. Use network access control lists to block untrusted external access to Modbus TCP ports on affected devices. Monitor connection counts on affected servers to detect potential exploitation activity.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.