CVE Catalog

CVE-2026-51218

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

A heap buffer overflow was discovered in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3. This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending a crafted packet.

Risk Assessment

An attacker can remotely crash the snap7 server, disrupting communication with industrial devices and potentially causing production downtime.

Recommendation

Immediately update snap7 to version 1.4.4 or later if available. If an update is not possible, restrict access to the snap7 server to trusted networks and apply packet filtering.

Original NVD description (English source)

A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS