Details of VAR-201711-0280

ID

VAR-201711-0280

CVE

CVE-2017-1000230

TITLE

Snap7 Server Denial of service vulnerability

Trust: 0.8

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNVD: CNVD-2017-37420

DESCRIPTION

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. Snap7 The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Snap7 is an open source multi-platform Ethernet communications suite for local connectivity to PLCs. Snap7 Server is one of the server components. There is a security vulnerability in Snap7 Server version 1.4.1. An attacker could exploit the vulnerability to cause a denial of service (crash)

Trust: 2.34

sources: NVD: CVE-2017-1000230 // JVNDB: JVNDB-2017-010218 // CNVD: CNVD-2017-37420 // IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNVD: CNVD-2017-37420

AFFECTED PRODUCTS

vendor:	snap7	model:	server	scope:	eq	version:	1.4.1	Trust: 2.2
vendor:	snap7	model:	snap7	scope:	eq	version:	1.4.1	Trust: 0.8
vendor:	snap7 server	model:	-	scope:	eq	version:	1.4.1	Trust: 0.2

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNVD: CNVD-2017-37420 // JVNDB: JVNDB-2017-010218 // CNNVD: CNNVD-201711-701 // NVD: CVE-2017-1000230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-1000230
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-1000230
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-37420
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-701
value:	MEDIUM
Trust: 0.6
IVD:	e2df8101-39ab-11e9-8d4c-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2017-1000230
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37420
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2df8101-39ab-11e9-8d4c-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-1000230
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNVD: CNVD-2017-37420 // JVNDB: JVNDB-2017-010218 // CNNVD: CNNVD-201711-701 // NVD: CVE-2017-1000230

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-010218 // NVD: CVE-2017-1000230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-701

TYPE

Input validation

Trust: 0.8

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNNVD: CNNVD-201711-701

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010218

PATCH

title:

Snap7 Server crashes when provided with unexpected input

url:

https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/

Trust: 0.8

sources: JVNDB: JVNDB-2017-010218

EXTERNAL IDS

db:	NVD	id:	CVE-2017-1000230	Trust: 3.2
db:	CNVD	id:	CNVD-2017-37420	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-701	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010218	Trust: 0.8
db:	IVD	id:	E2DF8101-39AB-11E9-8D4C-000C29342CB1	Trust: 0.2

sources: IVD: e2df8101-39ab-11e9-8d4c-000c29342cb1 // CNVD: CNVD-2017-37420 // JVNDB: JVNDB-2017-010218 // CNNVD: CNNVD-201711-701 // NVD: CVE-2017-1000230

REFERENCES

url:	https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000230	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000230	Trust: 0.8

sources: CNVD: CNVD-2017-37420 // JVNDB: JVNDB-2017-010218 // CNNVD: CNNVD-201711-701 // NVD: CVE-2017-1000230

SOURCES

db:	IVD	id:	e2df8101-39ab-11e9-8d4c-000c29342cb1
db:	CNVD	id:	CNVD-2017-37420
db:	JVNDB	id:	JVNDB-2017-010218
db:	CNNVD	id:	CNNVD-201711-701
db:	NVD	id:	CVE-2017-1000230

LAST UPDATE DATE

2025-04-20T23:25:55.118000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37420	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-010218	date:	2017-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-701	date:	2017-11-21T00:00:00
db:	NVD	id:	CVE-2017-1000230	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2df8101-39ab-11e9-8d4c-000c29342cb1	date:	2017-12-19T00:00:00
db:	CNVD	id:	CNVD-2017-37420	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-010218	date:	2017-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-701	date:	2017-11-21T00:00:00
db:	NVD	id:	CVE-2017-1000230	date:	2017-11-17T21:29:00.357