VAR-201711-0280
Vulnerability from variot - Updated: 2025-04-20 23:25The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. Snap7 The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Snap7 is an open source multi-platform Ethernet communications suite for local connectivity to PLCs. Snap7 Server is one of the server components. There is a security vulnerability in Snap7 Server version 1.4.1. An attacker could exploit the vulnerability to cause a denial of service (crash)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "server",
"scope": "eq",
"trust": 2.2,
"vendor": "snap7",
"version": "1.4.1"
},
{
"model": "snap7",
"scope": "eq",
"trust": 0.8,
"vendor": "snap7",
"version": "1.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "snap7 server",
"version": "1.4.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:snap7_project:snap7_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
}
]
},
"cve": "CVE-2017-1000230",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-1000230",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-1000230",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-1000230",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-1000230",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-701",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. Snap7 The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Snap7 is an open source multi-platform Ethernet communications suite for local connectivity to PLCs. Snap7 Server is one of the server components. There is a security vulnerability in Snap7 Server version 1.4.1. An attacker could exploit the vulnerability to cause a denial of service (crash)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-1000230"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-1000230",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2017-37420",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2DF8101-39AB-11E9-8D4C-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"id": "VAR-201711-0280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
}
],
"trust": 1.4666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
}
]
},
"last_update_date": "2025-04-20T23:25:55.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Snap7 Server crashes when provided with unexpected input",
"trust": 0.8,
"url": "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000230"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"date": "2017-11-17T21:29:00.357000",
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37420"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010218"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-701"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-1000230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Snap7 Server Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-37420"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "e2df8101-39ab-11e9-8d4c-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-701"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…