lowCVE-2026-15105

Snap7 ReadVar Request Handler Stack Buffer Overflow Vulnerability

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

ProductSnap7
CVSS2.1
EPSS0.00285
UpdatedJuly 10, 2026

Quick answer

davenardella Snap7 should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Snap7 1.4.0
  • Snap7 1.4.1
  • Snap7 1.4.2
  • Snap7 1.4.3

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Snap7 up to 1.4.3 is affected in the ReadVar request handling path where crafted multi-item S7 requests can corrupt server memory. Because Snap7 is commonly used around industrial control networks, isolate exposed S7 services, restrict local-network access, and avoid running vulnerable servers until a safe patch or mitigation is in place.

  1. Inventory systems running Snap7 server components, especially services exposing S7 communication on local or OT networks.
  2. Restrict Snap7 and S7 protocol access to trusted engineering workstations, PLC simulators, and approved application hosts only.
  3. Block untrusted access to TCP/102 and any Snap7 service ports at network firewalls and host firewalls.
  4. Disable vulnerable Snap7 server functionality if it is not required for production operations.
  5. Apply a vendor or maintainer patch when available; if no patch is available, rebuild with a reviewed bounds-checking fix before redeployment.
  6. Run affected Snap7 services with least privilege, process supervision, and segmentation away from critical control assets.
  7. Review OT network logs for malformed ReadVar requests, repeated connection resets, service crashes, or unusual S7 traffic.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm no vulnerable Snap7 service is reachable from untrusted IT networks or the internet.
  • Validate firewall rules limit S7 and Snap7 access to approved source hosts.
  • Confirm patched or mitigated binaries are deployed before re-enabling server functionality.
  • Review service crash logs and OT monitoring telemetry for ReadVar-related probes or exploitation attempts.
  • Run a Fixnx scan and confirm no Snap7 or S7 management surface is publicly exposed.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-15105?

davenardella Snap7 versions listed as affected should be reviewed: Snap7 1.4.0, Snap7 1.4.1, Snap7 1.4.2, Snap7 1.4.3.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.