CVE-2026-15105

medium

Description

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

https://vuldb.com/vuln/376946/cti

https://vuldb.com/vuln/376946

https://vuldb.com/submit/851026

https://vuldb.com/cve/CVE-2026-15105

https://github.com/user-attachments/files/28681740/poc.zip

https://github.com/davenardella/snap7/issues/16

https://github.com/davenardella/snap7/

Details

Source: Mitre, NVD

Published: 2026-07-08

Updated: 2026-07-08

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium