33 matches found
EUVD-2025-1881
Malicious code in bioql PyPI...
Hitachi Energy's RTU500 series Missing synchronization (CVE-2025-1445)
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active. Precondition is that IEC61850 as client or server are...
CVE-2025-0814
CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains intact during the attack...
CVE-2025-0814
CVE-2025-0814 affects Schneider Electric Enerlin’X Enerlin devices (IEC61850-MMS interface). The vulnerability is CWE-20: Improper Input Validation, enabling Denial-of-Service on the device’s network services when malicious IEC61850-MMS packets are sent; core breaker functionality remains intact....
CVE-2024-36059
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol...
CVE-2024-36059
CVE-2024-36059 affects Kalkitech ASE ASE61850 IEDSmart
CVE-2023-45599
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...
Design/Logic Flaw
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...
CVE-2023-45599
Summary: CVE-2023-45599 affects AiLux imx6 bundle prior to version imx6_1.0.7-2. The issue is a CWE-646 flaw in the web application’s “iec61850” functionality that allows a remote authenticated attacker to upload arbitrary file types. Affected product/versions: AiLux imx6 bundle before imx6_1.0.7...
PT-2024-13263 · Ailux · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-646 issue in the "iec61850" functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. Recommendations:...
CVE-2023-5188 WAGO Improper Input Validation in IEC61850 Server / Telecontrol
The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0, which is used by the WAGO Telecontrol Configurator, is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected...
The vulnerability of the libIEC61850 library, related to pointer assignment errors, allows a perpetrator to cause a service failure.
The vulnerability of the libIEC61850 library is related to errors in pointer assignment. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Siemens SICAM GridEdge Access Control Error Vulnerability
SICAM GridEdge can make your existing IEC61850 devices IoT capable with just a few clicks. An access control error vulnerability exists in Siemens SICAM GridEdge, which could be exploited by an attacker with access to the file system of the host computer running SICAM GridEdge to inject a custom S...
Siemens SICAM GridEdge Source Authentication Error Vulnerability
SICAM GridEdge enables IoT functionality in your existing IEC61850 devices with just a few clicks. A source authentication error vulnerability in Siemens SICAM GridEdge is caused by the fact that the affected software does not apply cross-domain resource sharing CORS restrictions to critical...
Siemens SICAM GridEdge Resource Leakage Vulnerability
SICAM GridEdge enables your existing IEC61850 devices to have IoT functionality with just a few clicks. A resource leak vulnerability exists in Siemens SICAM GridEdge, which stems from the fact that the affected software discloses the password hash of another user upon request, which can be...
CVE-2022-21159
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerabili...