OpenPLC
cpe:2.3:h:openplcproject:openplc_v3:*:*:*:*:*:*:*, +1 more
- a931181e8b81e36fadf7b74d5cba99b73c3f6d58
A denial-of-service vulnerability has been identified in the ModbusTCP server functionality of OpenPLC version 3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. This vulnerability allows an attacker to disrupt the server's ability to process Modbus requests by opening a series of TCP connections that are not properly closed. The issue arises because the server can become overwhelmed with abandoned connections, exhausting the available file descriptors and preventing new connections from being established.
Exploitation of this vulnerability leads to a resource-exhaustion denial-of-service condition, where the server becomes unable to process new Modbus connections due to all available file descriptors being used up by abandoned sessions.
To reproduce this vulnerability, open multiple TCP connections to the OpenPLC ModbusTCP server, which listens on port 502 by default. After establishing these connections, do not send any Modbus requests. Instead, keep one connection open indefinitely. This will cause the server to run out of file descriptors, as it cannot close the connections that were abandoned.
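The condition described above comes down to silent sessions that are never reaped. One way a ModbusTCP-style server can bound that, as an added example that is not OpenPLC's code or its fix: a per-connection read with an idle timeout, so a client that never sends a request gets its descriptor closed. The names `read_with_idle_timeout`, `serve_client` and `IDLE_TIMEOUT`, and the timeout value passed in, are assumptions made for illustration.

```c
/* Added example, not OpenPLC code. All names here are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define IDLE_TIMEOUT (-2)   /* peer sent nothing within the allowed window */

/* Wait up to timeout_ms for request bytes on fd.
 * Returns >0 bytes read, 0 if the peer closed, IDLE_TIMEOUT if the peer
 * stayed silent, -1 on any other error. */
ssize_t read_with_idle_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc;

    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);   /* retry if a signal interrupted us */

    if (rc == 0)
        return IDLE_TIMEOUT;
    if (rc < 0)
        return -1;
    return recv(fd, buf, len, 0);         /* 0 means orderly close by the peer */
}

/* Serve one client until it closes, errors out, or goes idle.
 * Every exit path closes fd, so the descriptor always returns to the pool.
 * Returns the reason the session ended: 0, IDLE_TIMEOUT or -1. */
ssize_t serve_client(int fd, int timeout_ms, int *handled)
{
    unsigned char frame[260];  /* max Modbus TCP ADU: 7-byte MBAP + 253-byte PDU */
    ssize_t n;

    *handled = 0;
    while ((n = read_with_idle_timeout(fd, frame, sizeof frame, timeout_ms)) > 0)
        (*handled)++;          /* a real server would parse and answer here */

    close(fd);
    return n;
}
```

An idle timeout limits how long each abandoned session can hold a descriptor; a cap on concurrent connections per peer and a raised descriptor limit are complementary controls.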