CVE-2022-3976
Published 2022-11-13
Priority: P3 48 · high · 8.8 CVSS 3.1
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.46% (36.6th percentile)
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mz-automation | libiec61850 | < 1.5 | 1.5 |
| mz_automation | libiec61850 | — | — |
| mz_automation | libiec61850 | — | — |
| mz_automation | libiec61850 | — | — |
| mz_automation | libiec61850 | — | — |
| mz_automation | libiec61850 | — | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa · 7.5 HIGH
GHSA
GHSA-r8h4-q53x-8w2p: A vulnerability has been found in MZ Automation libiec61850 up to 1
ghsa_unreviewed·2022-11-13
CVE-2022-3976 [HIGH] CWE-22 GHSA-r8h4-q53x-8w2p: A vulnerability has been found in MZ Automation libiec61850 up to 1
CISA
SAP NetWeaver Directory Traversal Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2016-3976 [HIGH] CWE-22 SAP NetWeaver Directory Traversal Vulnerability
Vulnerability: SAP NetWeaver Directory Traversal Vulnerability
Affected: SAP NetWeaver
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-3976
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/mz-automation/libiec61850
https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f
https://vuldb.com/?id.213556