Skip to main content

Codesys Modbus

1 CVEs product

Monthly

CVE-2026-35227 HIGH PATCH This Week

TCP connection exhaustion in CODESYS Modbus TCP Server allows remote unauthenticated attackers to trigger a race condition in connection handling, depleting all available TCP connections and denying service to legitimate industrial automation clients. CVSS 8.2 (High) reflects high availability impact. No active exploitation confirmed (not in CISA KEV), but attack complexity is low with present race condition opportunity (AT:P). Patch available from vendor for versions prior to 4.6.0.0.

Information Disclosure Codesys Modbus
NVD
CVSS 4.0
8.2
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

TCP connection exhaustion in CODESYS Modbus TCP Server allows remote unauthenticated attackers to trigger a race condition in connection handling, depleting all available TCP connections and denying service to legitimate industrial automation clients. CVSS 8.2 (High) reflects high availability impact. No active exploitation confirmed (not in CISA KEV), but attack complexity is low with present race condition opportunity (AT:P). Patch available from vendor for versions prior to 4.6.0.0.

Information Disclosure Codesys Modbus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy