Libiec61850@* Security Vulnerabilities and Issues — Libiec61850@* CVE List

Lucene search

Mz-automationLibiec61850*

11 matches found

CVE•added 2019/09/19 4:15 p.m.•104 views

CVE-2019-16510

libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.

7.5CVSS7.5AI score0.00393EPSS

CVE•added 2022/04/12 8:15 a.m.•72 views

CVE-2022-1302

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

7.5CVSS7.4AI score0.0098EPSS

CVE•added 2024/06/11 7:16 p.m.•49 views

CVE-2024-36702

libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.

7.4CVSS7.7AI score0.00089EPSS

CVE•added 2022/09/23 4:15 p.m.•46 views

CVE-2022-2972

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

10CVSS9.8AI score0.00313EPSS

CVE•added 2022/11/13 2:15 p.m.•46 views

CVE-2022-3976

A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgr...

8.8CVSS7.3AI score0.00048EPSS

CVE•added 2022/09/23 4:15 p.m.•45 views

CVE-2022-2970

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

10CVSS9.8AI score0.00273EPSS

CVE•added 2022/09/23 4:15 p.m.•41 views

CVE-2022-2971

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.

8.6CVSS8AI score0.00099EPSS

CVE•added 2020/01/14 9:15 p.m.•39 views

CVE-2020-7054

MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.

8.8CVSS8.9AI score0.00661EPSS

CVE•added 2022/09/23 4:15 p.m.•35 views

CVE-2022-2973

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.

8.6CVSS7.9AI score0.00124EPSS

CVE•added 2024/03/13 8:15 a.m.•34 views

CVE-2024-26529

An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.

7.5CVSS6.8AI score0.00605EPSS

CVE•added 2020/08/26 6:15 p.m.•33 views

CVE-2020-15158

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value

9.8CVSS8.8AI score0.0238EPSS