CVE-2022-38138
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.8%
The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.
Affected configurations
CNA Affected
[
{
"vendor": "Triangle Microworks",
"product": "Library: IEC 61850",
"versions": [
{
"version": "Any client or server using the C language library with a version number of 11.2.0 or earlier",
"status": "affected"
},
{
"version": "Any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier",
"status": "affected"
}
]
},
{
"vendor": "Triangle Microworks",
"product": "Library: IEC 60870-6 (ICCP/Tase.2)",
"versions": [
{
"version": "Any client or server using a C++ language library with a version number of 4.4.3 or earlier",
"status": "affected"
}
]
}
]Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.8%