A high-severity vulnerability allows unauthenticated remote attackers to disrupt industrial operations by modifying configuration presets on affected Modbus-enabled devices.

This flaw involves a lack of authentication in the handling of Modbus (TCP) requests. An unauthenticated remote attacker can issue specific commands to the device to switch between configuration presets, leading to unauthorized state changes.

Successful exploitation could result in significant operational downtime, loss of process control, and potential safety risks within industrial environments. The CVSS score of 7.5 reflects a high severity, primarily because the vulnerability can be triggered remotely without any user credentials, potentially allowing an attacker to halt or misconfigure critical infrastructure.

Immediate Action: Apply the latest firmware updates provided by the equipment manufacturer immediately to secure the Modbus implementation.

Proactive Monitoring: Review Modbus traffic logs for anomalous configuration change commands and monitor for unexpected device reboots or preset transitions.

Compensating Controls: Implement strict network segmentation to isolate Industrial Control System (ICS) traffic and utilize industrial firewalls with Deep Packet Inspection (DPI) to block unauthorized Modbus function codes.

Public Exploit Available: false

The ability for an unauthenticated attacker to manipulate device configurations remotely poses a severe risk to operational continuity. Security teams must prioritize the deployment of vendor-supplied patches and ensure that all Modbus-enabled controllers are removed from direct internet exposure to mitigate the risk of remote disruption.