Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3976 | 1 Mz-automation | 1 Libiec61850 | 2022-11-18 | N/A | 8.8 HIGH |
| A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | |||||
| CVE-2022-2970 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 9.8 CRITICAL |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | |||||
| CVE-2022-2972 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 9.8 CRITICAL |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | |||||
| CVE-2022-2971 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 7.5 HIGH |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | |||||
| CVE-2022-2973 | 1 Mz-automation | 1 Libiec61850 | 2022-09-26 | N/A | 7.5 HIGH |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server. | |||||
| CVE-2022-21159 | 1 Mz-automation | 1 Libiec61850 | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. | |||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | |||||
| CVE-2021-45769 | 1 Mz-automation | 1 Libiec61850 | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | |||||
| CVE-2020-15158 | 1 Mz-automation | 1 Libiec61850 | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions. | |||||
| CVE-2019-6135 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. | |||||
| CVE-2018-18957 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | |||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | |||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | |||||
| CVE-2018-18834 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | |||||
| CVE-2019-6136 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. | |||||
| CVE-2019-6138 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c. | |||||
| CVE-2020-7054 | 1 Mz-automation | 1 Libiec61850 | 2020-01-24 | 6.8 MEDIUM | 8.8 HIGH |
| MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | |||||
| CVE-2019-19957 | 1 Mz-automation | 1 Libiec61850 | 2020-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | |||||
| CVE-2019-19930 | 1 Mz-automation | 1 Libiec61850 | 2019-12-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. | |||||
| CVE-2019-19931 | 1 Mz-automation | 1 Libiec61850 | 2019-12-30 | 6.8 MEDIUM | 8.8 HIGH |
| In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | |||||