CVE-2017-1000230

HIGH

Snap7 Server 1.4.1 - Denial of Service via ReadVar/WriteVar ItemCount Field

Title source: llm
STIX 2.1

Description

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0103
EPSS Percentile 59.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
snap7_project/snap7_server 1.4.1
Published Nov 17, 2017
Tracked Since Feb 18, 2026