cbcvebase.
CVE-2022-3976
published 2022-11-13

CVE-2022-3976: A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file…

PriorityP348high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
0.46%
36.6th percentile
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.

Affected

6 ranges
VendorProductVersion rangeFixed in
mz-automationlibiec61850< 1.51.5
mz_automationlibiec61850
mz_automationlibiec61850
mz_automationlibiec61850
mz_automationlibiec61850
mz_automationlibiec61850

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.