An authenticated attacker can send a malformed packet to trigger a device crash via the CODESYS V2 runtime commands parsing.
An unauthenticated attacker with network access to port 502/TCP of the target device can cause a denial-of-service condition by sending multiple specially crafted packets. The MODBUS server does not properly release memory resources that were reserved for incomplete connection attempts by MODBUS clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the MODBUS server.
The FL MGUARD family of devices is affected by two vulnerabilities.