Security Advisory – Null Pointer Dereference in FieldTalk Modbus Slave C++ Library
Advisory ID: FT-SA-2025-01
Product: FieldTalk Modbus Slave C++ Library
Version(s) Affected: 2.3 through 2.8.0
Vendor: proconX Pty Ltd
Severity: Medium (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CWE: CWE-476 (NULL Pointer Dereference)
Date Published: 2025-03-01
Last Updated: 2025-03-01
Overview
A vulnerability has been identified in the FieldTalk Modbus Slave C++ Library versions 2.3 through 2.8.0. The issue arises from a null pointer dereference triggered by certain Modbus requests. This vulnerability can lead to an access violation on Windows or a segmentation fault on Linux, resulting in a denial-of-service (DoS) condition.
Vulnerability Details
Vulnerability Type: Null Pointer Dereference
CWE ID: CWE-476 (NULL Pointer Dereference)
This issue occurs when a Modbus master device sends a specially crafted request to the FieldTalk Modbus Slave C++ Library over the Modbus RTU or ASCII protocol. The malformed request causes the library to dereference a null pointer, leading to an access violation (on Windows) or a segmentation fault (on Linux).
Impact:
- Windows: Access violation
- Linux: Segmentation fault
- Effect: Denial-of-Service (DoS)
An attacker who can send Modbus requests to the vulnerable system can cause a crash, rendering the system unavailable.
CVSS v3.1 Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Explanation of CVSS:
- AV:L (Attack Vector: Local) – Requires physical access or a connected serial device.
- AC:L (Attack Complexity: Low) – A simple Modbus request can trigger the issue.
- PR:N (Privileges Required: None) – Any serial-connected Modbus master can trigger it.
- UI:N (User Interaction: None) – No user action required.
- S:U (Scope: Unchanged) – The impact remains confined to the affected system.
- C:N/I:N/A:H – No data is leaked (Confidentiality = None), no unauthorized modification (Integrity = None), but Availability is High because it crashes the system.
Affected Versions
The following versions are affected by this vulnerability:
- FieldTalk Modbus Slave C++ Library: 2.3 through 2.8.0
Solution / Mitigation
Upgrade to FieldTalk Modbus Slave C++ Library version 2.8.2 or later.
Version 2.8.1, which also contains the fix, was provided as a private interim build to a single customer and was not publicly released — customers should upgrade to 2.8.2 or later.
If an upgrade is not immediately possible, contact the vendor for guidance on applying the fix to your source code.
Workaround
No workaround is available other than upgrading to a fixed version.
Steps to Reproduce
- Set up a Modbus slave using FieldTalk Modbus Slave C++ Library version 2.3 through 2.8.0.
- Instruct a Modbus master device to send a crafted Modbus request over the Modbus RTU or ASCII protocol.
- Observe that the system crashes with an access violation (on Windows) or segmentation fault (on Linux).
Timeline
- 2019-07-11: Fix implemented (internal commit 3b1005c, "Fixed crash when receiving broadcasts").
- 2019-08-13: Fix included in version 2.8.1, a private interim build provided to a single customer only.
- 2021-03-31: Fix included in version 2.8.2, the first public release containing the fix.
- 2025-03-01: Issue identified as a security-relevant defect during internal review, assessed against CVSS, and this advisory drafted and published.
References
- Internal fix commit: 3b1005c (2019-07-11)
- No CVE has been requested for this issue.
Credits
This vulnerability was identified internally by proconX during a routine security review; it was not externally reported.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. proconX Pty Ltd does not assume any responsibility for the impact of this vulnerability or the actions taken by users to address it. Users are advised to take appropriate precautions based on their own security requirements.