Lucene search

IcscertCVELIST:CVE-2022-2970

HistorySep 23, 2022 - 3:28 p.m.

CVE-2022-2970 MZ Automation libIEC61850 Stack-Based Buffer Overflow

2022-09-2315:28:55

CWE-121

icscert

www.cve.org

mz automation

libiec61850

buffer overflow

vulnerability

remote execution

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

CNA Affected

[
  {
    "product": "libIEC61850",
    "vendor": "MZ Automation",
    "versions": [
      {
        "lessThanOrEqual": "1.4",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      },
      {
        "lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
        "status": "affected",
        "version": "Version 1.5",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-251-01

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

Related for CVELIST:CVE-2022-2970