Cyber Resilience

CVE-2024-10918

Medium

Published: 27 February 2025

Published
27 February 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score 0.0009 25.9th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-10918 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libmodbus Libmodbus. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 25.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-10918, published on 2025-02-27, is a stack-based buffer overflow vulnerability in libmodbus version 3.1.10. The flaw allows the buffer allocated for a Modbus response to be overflowed when the function attempts to reply to a Modbus request with an unexpected length. It is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

The vulnerability carries a CVSS v3.1 base score of 4.8 (Medium), with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L. Unauthenticated attackers accessible over the network can potentially exploit it, though exploitation requires high attack complexity and no user interaction. Successful attacks could lead to limited impacts on integrity and availability, such as partial denial of service or minor data tampering, with no confidentiality loss.

Advisories providing details on mitigations and patches are available from Nozomi Networks at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html. Security practitioners should consult these sources for system-specific remediation guidance.

EU & UK References

Vulnerability details

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Stack buffer overflow in libmodbus enables remote exploitation of Modbus services (remote protocol handling) for DoS or limited tampering via crafted requests.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-30472Shared CWE-121, CWE-787
CVE-2025-26595Shared CWE-121, CWE-787
CVE-2026-3972Shared CWE-121, CWE-787
CVE-2025-14235Shared CWE-787
CVE-2025-66177Shared CWE-121
CVE-2025-26598Shared CWE-787
CVE-2026-37536Shared CWE-121
CVE-2026-41429Shared CWE-121
CVE-2026-22790Shared CWE-121
CVE-2026-30872Shared CWE-121

Affected Assets

libmodbus
libmodbus
3.1.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the stack-based buffer overflow in libmodbus by requiring timely application of patches or updates to remediate the specific flaw in version 3.1.10.

prevent

Implements memory protection mechanisms such as stack canaries, ASLR, or non-executable stacks to prevent exploitation of the stack-based buffer overflow vulnerability.

prevent

Requires validation of Modbus request lengths to prevent processing unexpected inputs that trigger the response buffer overflow in libmodbus.

References