CVE-2026-29972: n/a
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's byte_count field before validating that byte_count matches the requested quantity. A malicious Modbus TCP server can send a response with byte_count=250 (125 registers) regardless of the requested quantity, causing up to 248 bytes of attacker-controlled data to overflow the buffer, potentially allowing remote code execution.
AI Analysis
Technical Summary
The vulnerability in nanoMODBUS (up to version 1.22.0) is a stack-based buffer overflow in the recv_read_registers_res() function within nanomodbus.c. When a client invokes nmbs_read_holding_registers() or nmbs_read_input_registers(), the library trusts the byte_count field from the server response to determine how much data to write into the caller's buffer. Because the byte_count is not validated against the originally requested quantity, a malicious Modbus TCP server can send a response with a byte_count of 250 (125 registers), causing the library to write up to 248 bytes beyond the buffer boundary. This memory corruption can potentially lead to remote code execution on the client side.
Potential Impact
A remote attacker controlling a Modbus TCP server can exploit this vulnerability to cause a stack-based buffer overflow on a client using nanoMODBUS. This may lead to remote code execution, allowing the attacker to execute arbitrary code on the affected client system. No known exploits in the wild have been reported as of the publication date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should avoid connecting to untrusted or potentially malicious Modbus TCP servers. Implementing network-level controls to restrict access to trusted servers may reduce exposure.
CVE-2026-29972: n/a
Description
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's byte_count field before validating that byte_count matches the requested quantity. A malicious Modbus TCP server can send a response with byte_count=250 (125 registers) regardless of the requested quantity, causing up to 248 bytes of attacker-controlled data to overflow the buffer, potentially allowing remote code execution.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in nanoMODBUS (up to version 1.22.0) is a stack-based buffer overflow in the recv_read_registers_res() function within nanomodbus.c. When a client invokes nmbs_read_holding_registers() or nmbs_read_input_registers(), the library trusts the byte_count field from the server response to determine how much data to write into the caller's buffer. Because the byte_count is not validated against the originally requested quantity, a malicious Modbus TCP server can send a response with a byte_count of 250 (125 registers), causing the library to write up to 248 bytes beyond the buffer boundary. This memory corruption can potentially lead to remote code execution on the client side.
Potential Impact
A remote attacker controlling a Modbus TCP server can exploit this vulnerability to cause a stack-based buffer overflow on a client using nanoMODBUS. This may lead to remote code execution, allowing the attacker to execute arbitrary code on the affected client system. No known exploits in the wild have been reported as of the publication date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should avoid connecting to untrusted or potentially malicious Modbus TCP servers. Implementing network-level controls to restrict access to trusted servers may reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fe067ecbff5d8610f67279
Added to database: 5/8/2026, 3:51:26 PM
Last enriched: 5/8/2026, 4:08:10 PM
Last updated: 5/9/2026, 5:21:11 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.