CVE-2022-2970
published 2022-09-23CVE-2022-2970: MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before…
PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.06%
60.4th percentile
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mz-automation | libiec61850 | < 1.5.0 | 1.5.0 |
| mz_automation | libiec61850 | All – 1.4 | — |
| mz_automation | libiec61850 | >= Version 1.5 < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e | Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
MZ Automation libIEC61850
cisa_ics·2022-09-08·CVSS 10.0
[CRITICAL] MZ Automation libIEC61850
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
MZ Automation libIEC61850
Last RevisedSeptember 08, 2022
Alert CodeICSA-22-251-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: MZ Automation GmbH
- Equipment: libIEC61850
- Vulnerabilities: Buffer Overflow, Access of Resource Using Incompatible Type, NULL Pointer Dereference
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, and buffer overflow conditions could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following v
GHSA
GHSA-h3j4-vfr6-r3jp: MZ Automation's libIEC61850 (versions 1
ghsa_unreviewed·2022-09-25
CVE-2022-2970 [CRITICAL] CWE-787 GHSA-h3j4-vfr6-r3jp: MZ Automation's libIEC61850 (versions 1
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-23
Published