CVE-2024-34057

HIGH EPSS 35.5%

Published Sep 18, 20241y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Sep 18, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

35.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-120

Affected Products 9

Vendor	Product	Version	Range
trianglemicroworks	iec_61850_source_code_library	*	<12.2.0
siemens	sicam_a8000_firmware	*	<05.30
siemens	sicam_a8000	*	any
siemens	sicam_scc_firmware	*	<10.0
siemens	sicam_scc	*	any
siemens	sicam_egs_firmware	*	<05.30
siemens	sicam_egs	*	any
siemens	sicam_s8000	*	<05.30
siemens	sitipe_at	*	any

References 2

trianglemicroworks.com https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

Release Notes
cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16

Third Party AdvisoryUS Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.