CVE-2020-22552

EUVD-2020-15312
The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
snap7_projectsnap7
1.4.1
𝑥
= Vulnerable software versions
References
http://snap7.com
https://sourceforge.net/p/snap7/discussion/bugfix/thread/456d76fdde/
https://sourceforge.net/projects/snap7/
http://snap7.com
https://sourceforge.net/p/snap7/discussion/bugfix/thread/456d76fdde/
https://sourceforge.net/projects/snap7/