Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
239064.1%CRITICAL

Related CVEs

39
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-45971Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.CRITICAL9.844.1%Nov 15, 2024
CVE-2024-45970Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.CRITICAL9.844.1%Nov 15, 2024
CVE-2024-36702libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.HIGH7.425.8%Jun 11, 2024
CVE-2024-28286In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crashHIGH7.550.0%Mar 21, 2024
CVE-2024-26529An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.HIGH7.551.5%Mar 13, 2024
CVE-2024-25366Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.MEDIUM6.254.3%Feb 20, 2024
CVE-2023-27772libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.HIGH7.555.6%Apr 13, 2023
CVE-2023-23205An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.MEDIUM5.5Feb 24, 2023
CVE-2022-3976A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.HIGH8.8Nov 13, 2022
CVE-2022-2973MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.HIGH7.5Sep 23, 2022
CVE-2022-2972MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.CRITICAL9.8Sep 23, 2022
CVE-2022-2971MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.HIGH7.5Sep 23, 2022
CVE-2022-2970MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.CRITICAL9.8Sep 23, 2022
CVE-2022-21159A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.HIGH7.5Apr 15, 2022
CVE-2022-1302In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.HIGH7.5Apr 12, 2022
CVE-2021-45773A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.HIGH7.5Jan 14, 2022
CVE-2021-45769A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.HIGH7.5Jan 14, 2022
CVE-2021-21778A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.HIGH7.5Aug 25, 2021
CVE-2020-15158In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.CRITICAL9.878.7%Aug 26, 2020
CVE-2020-7054MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.HIGH8.861.6%Jan 14, 2020