CVE-2017-1000230
HIGHSnap7 Server 1.4.1 - Denial of Service via ReadVar/WriteVar ItemCount Field
Title source: llmDescription
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
snap7_project/snap7_server
1.4.1
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026