A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467 | Exploit Third Party Advisory |
https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721 | Patch Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467 | Exploit Third Party Advisory |
Configurations
Information
Published : 2022-04-15 09:15
Updated : 2022-04-25 09:10
NVD link : CVE-2022-21159
Mitre link : CVE-2022-21159
JSON object : View
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Products Affected
mz-automation
- libiec61850