CVE-2020-22552

The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
References
Link Resource
http://snap7.com Third Party Advisory URL Repurposed
https://sourceforge.net/p/snap7/discussion/bugfix/thread/456d76fdde/ Third Party Advisory
https://sourceforge.net/projects/snap7/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:snap7_project:snap7:1.4.1:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://snap7.comĀ - Third Party Advisory () http://snap7.comĀ - Third Party Advisory, URL Repurposed

Information

Published : 2020-10-28 14:15

Updated : 2024-02-14 01:17


NVD link : CVE-2020-22552

Mitre link : CVE-2020-22552

CVE.ORG link : CVE-2020-22552


JSON object : View

Products Affected

snap7_project

  • snap7