The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
References
Link | Resource |
---|---|
http://snap7.com | Third Party Advisory URL Repurposed |
https://sourceforge.net/p/snap7/discussion/bugfix/thread/456d76fdde/ | Third Party Advisory |
https://sourceforge.net/projects/snap7/ | Exploit Third Party Advisory |
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://snap7.comĀ - Third Party Advisory, URL Repurposed |
Information
Published : 2020-10-28 14:15
Updated : 2024-02-14 01:17
NVD link : CVE-2020-22552
Mitre link : CVE-2020-22552
CVE.ORG link : CVE-2020-22552
JSON object : View
Products Affected
snap7_project
- snap7
CWE