Back to overview

CVE-2026-15105

MEDIUM
6.3
CVSS 3.1
Description
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-15105
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-08 17:07 UTC
Published
2026-07-08 22:15 UTC
Last updated
2026-07-08 22:15 UTC
Primary CWE
CWE-502
Deserialization
Vendor / Product
davenardella / snap7
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
davenardella snap7 1.4.0, 1.4.1, 1.4.2, 1.4.3
Weakness (CWE)
CWESourceDescription
CWE-20 cna Improper Input Validation
CWE-502 cna Deserialization
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.8 N/D 2.0 cna AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (7)
Back to overview