CVE-2022-2970

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:mz-automation:libiec61850:*:*:*:*:*:*:*:*

Information

Published : 2022-09-23 09:15

Updated : 2022-09-26 15:43


NVD link : CVE-2022-2970

Mitre link : CVE-2022-2970


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

mz-automation

  • libiec61850