
Preface: Modbus is a communication protocol widely used in the field of industrial automation. It provides a standardized method for devices to communicate with each other over the network, making it an important tool for connecting and controlling various industrial equipment.
Background: libmodbus provides the following features:
- Supports Modbus-RTU and Modbus-TCP
- Supports common function codes, such as 01/02/03/04/05/06/07/0F/10/11/16/17, covering coil reading and writing, register reading and writing, discrete input reading, etc.
- Supports broadcast address 0 and slave addresses 1-247
- Supports conversion between floating-point and integer data, in big-endian, little-endian and other byte orders
- Parameters are designed according to the official standard document Modbus_Application_Protocol_V1_1b.pdf, such as the maximum number of read and write coils, the maximum number of read and write registers, etc.
- The source code is written in C and consists of only 11 files, which makes it easy to port to various platforms.
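The address range and the maximum read/write quantities listed above are the bounds a Modbus server has to enforce before it touches its coil or register tables. The following check for a Modbus-TCP request is an added example, not libmodbus code and not a reproduction of or fix for the vulnerability described below; `check_request`, `map_size` and the result codes are assumed names, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Limits from the Modbus application protocol specification. */
enum { MAX_READ_BITS = 2000, MAX_WRITE_BITS = 1968,
       MAX_READ_REGS = 125, MAX_WRITE_REGS = 123 };
enum { REQ_OK, REQ_BAD_LENGTH, REQ_BAD_MBAP, REQ_BAD_UNIT, REQ_BAD_FUNC,
       REQ_BAD_QTY, REQ_BAD_BYTECOUNT, REQ_OUT_OF_MAP };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check one Modbus-TCP request (7-byte MBAP header + PDU) before any table
 * access. map_size is the number of entries in the local table (assumed). */
int check_request(const uint8_t *adu, size_t len, uint32_t map_size)
{
    if (len < 12) return REQ_BAD_LENGTH;      /* MBAP + func + addr + qty */
    if (be16(adu + 2) != 0) return REQ_BAD_MBAP;            /* protocol id */
    if ((size_t)be16(adu + 4) + 6 != len) return REQ_BAD_LENGTH;
    /* 0 = broadcast, 1-247 = slave; 0xFF is common for direct TCP servers */
    if (adu[6] > 247 && adu[6] != 0xFF) return REQ_BAD_UNIT;

    uint32_t addr = be16(adu + 8), qty = be16(adu + 10), max;
    int is_write = 0, is_bits = 0;
    switch (adu[7]) {
    case 0x01: case 0x02: max = MAX_READ_BITS; is_bits = 1; break;
    case 0x03: case 0x04: max = MAX_READ_REGS; break;
    case 0x0F: max = MAX_WRITE_BITS; is_write = is_bits = 1; break;
    case 0x10: max = MAX_WRITE_REGS; is_write = 1; break;
    default: return REQ_BAD_FUNC;   /* only the multi-item codes are covered */
    }
    if (qty == 0 || qty > max) return REQ_BAD_QTY;
    if (addr + qty > map_size) return REQ_OUT_OF_MAP;  /* 32-bit sum, no wrap */

    if (!is_write) return len == 12 ? REQ_OK : REQ_BAD_LENGTH;
    size_t need = is_bits ? (qty + 7) / 8 : qty * 2;   /* payload bytes */
    if (len < 13 || adu[12] != need || len != 13 + need) return REQ_BAD_BYTECOUNT;
    return REQ_OK;
}

int main(void)
{
    /* Constructed frame: read 126 holding registers, one over the limit. */
    const uint8_t req[] = { 0,1, 0,0, 0,6, 1, 0x03, 0,0, 0,126 };
    printf("result=%d\n", check_request(req, sizeof req, 200));
    return 0;
}
```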
Vulnerability details: libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
Official announcement: For details, please refer to https://www.tenable.com/cve/CVE-2024-36843