MZ Automation libIEC61850 vulnerabilities
6 known vulnerabilities affecting mz_automation/libiec61850.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4
Vulnerabilities
CVE-2022-2970 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≥ All, ≤ 1.4; ≥ Version 1.5, < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e | 2022-09-23
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
nvd
CVE-2022-2972 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≥ All, ≤ 1.4; ≥ Version 1.5, < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e | 2022-09-23
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
nvd
CVE-2022-3976 | P3 | HIGH | CVSS 8.8 | CWE-22 | Affected: v1.0, v1.1, +3 more | 2022-11-13
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The n
nvd
CVE-2022-2971 | P3 | HIGH | CVSS 7.5 | CWE-843 | Affected: ≥ All, ≤ 1.4; ≥ Version 1.5, < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e | 2022-09-23
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
nvd
CVE-2022-1302 | P3 | HIGH | CVSS 7.5 | CWE-20 | Affected: ≥ unspecified, < 1.5.1 | 2022-04-12
In MZ Automation LibIEC61850 versions prior to 1.5.1, an unauthenticated attacker can craft a GOOSE message, which may result in a denial of service.
nvd
CVE-2022-2973 | P3 | HIGH | CVSS 7.5 | CWE-476 | Affected: ≥ All, ≤ 1.4; ≥ Version 1.5, < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e | 2022-09-23
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations, which could allow an attacker to crash the server.
nvd