cbcvebase.

Mz-Automation Libiec61850 vulnerabilities

35 known vulnerabilities affecting mz-automation/libiec61850.

Total CVEs
35
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH20MEDIUM7

Vulnerabilities

Page 2 of 2
CVE-2019-6138P4HIGHCVSS 7.5v1.3.12019-01-11
CVE-2019-6138 [HIGH] CWE-401 CVE-2019-6138: An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_mem An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c.
nvd
CVE-2019-16510P4HIGHCVSS 7.5≤ 1.3.32019-09-19
CVE-2019-16510 [HIGH] CWE-416 CVE-2019-16510: libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_serv libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.
nvd
CVE-2018-19093P4HIGHCVSS 7.5v1.32018-11-07
CVE-2018-19093 [HIGH] CWE-122 CVE-2018-19093: An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminati An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program
nvd
CVE-2018-18937P4HIGHCVSS 7.5v1.32018-11-05
CVE-2018-18937 [HIGH] CWE-476 CVE-2018-18937: An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getVa An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.
nvd
CVE-2019-6719P4HIGHCVSS 7.5v1.3.12019-01-23
CVE-2019-6719 [HIGH] CWE-416 CVE-2019-6719: An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c.
nvd
CVE-2019-6135P4HIGHCVSS 7.5v1.3.12019-01-11
CVE-2019-6135 [HIGH] CWE-401 CVE-2019-6135: An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c.
nvd
CVE-2019-6136P4HIGHCVSS 7.5v1.3.12019-01-11
CVE-2019-6136 [HIGH] CVE-2019-6136: An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethe An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.
nvd
CVE-2021-45769P4HIGHCVSS 7.5v1.5.02022-01-14
CVE-2021-45769 [HIGH] CWE-476 CVE-2021-45769: A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.
nvd
CVE-2019-19957P4MEDIUMCVSS 6.5v1.4.02019-12-24
CVE-2019-19957 [MEDIUM] CWE-125 CVE-2019-19957: In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bo In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.
nvd
CVE-2019-19958P4MEDIUMCVSS 6.5v1.4.02019-12-24
CVE-2019-19958 [MEDIUM] CWE-681 CVE-2019-19958: In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
nvd
CVE-2019-19944P4MEDIUMCVSS 6.5v1.4.02019-12-23
CVE-2019-19944 [MEDIUM] CWE-125 CVE-2019-19944: In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, re In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.
nvd
CVE-2019-19930P4MEDIUMCVSS 6.5v1.4.02019-12-23
CVE-2019-19930 [MEDIUM] CWE-190 CVE-2019-19930: In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signe In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation.
nvd
CVE-2024-25366P4MEDIUMCVSS 6.2v1.4.02024-02-20
CVE-2024-25366 [MEDIUM] CWE-190 CVE-2024-25366: Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to ca Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
nvd
CVE-2018-19122P4MEDIUMCVSS 4.3v1.32018-11-09
CVE-2018-19122 [MEDIUM] CWE-476 CVE-2018-19122: An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
nvd
CVE-2018-19121P4MEDIUMCVSS 4.3v1.32018-11-09
CVE-2018-19121 [MEDIUM] CWE-476 CVE-2018-19121: An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd. An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
nvd
Mz-Automation Libiec61850 vulnerabilities | cvebase