VYPR

Libiec61850

by Mz Automation

Source repositories

CVEs (35)

  • CVE-2024-45969HigNov 15, 2024
    risk 0.42cvss 7.5epss 0.00

    NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.

  • CVE-2018-18957Nov 5, 2018
    risk 0.03cvss epss 0.12

    An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.

  • CVE-2024-45971Nov 15, 2024
    risk 0.00cvss epss 0.01

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.

  • CVE-2024-45970Nov 15, 2024
    risk 0.00cvss epss 0.01

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.

  • CVE-2024-36702Jun 11, 2024
    risk 0.00cvss epss 0.00

    libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.

  • CVE-2024-28286Mar 20, 2024
    risk 0.00cvss epss 0.01

    In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash

  • CVE-2024-26529Mar 13, 2024
    risk 0.00cvss epss 0.01

    An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.

  • CVE-2024-25366Feb 20, 2024
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.

  • CVE-2023-27772Apr 13, 2023
    risk 0.00cvss epss 0.01

    libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

  • CVE-2022-3976Nov 13, 2022
    risk 0.00cvss epss 0.00

    A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to…

  • CVE-2022-2970Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

  • CVE-2022-2972Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

  • CVE-2022-2971Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.

  • CVE-2022-2973Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.

  • CVE-2022-21159Apr 15, 2022
    risk 0.00cvss epss 0.02

    A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to…

  • CVE-2022-1302Apr 12, 2022
    risk 0.00cvss epss 0.01

    In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

  • CVE-2021-45769Jan 14, 2022
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.

  • CVE-2020-15158Aug 26, 2020
    risk 0.00cvss epss 0.02

    In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your…

  • CVE-2020-7054Jan 14, 2020
    risk 0.00cvss epss 0.01

    MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.

  • CVE-2019-19958Dec 24, 2019
    risk 0.00cvss epss 0.01

    In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.

Page 1 of 2