VYPR
Vendor

Mz Automation

Products
2
CVEs
39
Across products
39
Status
Private

Products

2

Recent CVEs

39
View all 39 CVEs →
  • CVE-2024-45969HigNov 15, 2024
    risk 0.42cvss 7.5epss 0.00

    NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to Cause a Denial-of-Service via the MMS InitiationResponse message.

  • CVE-2018-18957Nov 5, 2018
    risk 0.03cvss epss 0.12

    An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.

  • CVE-2024-45970Nov 15, 2024
    risk 0.00cvss epss 0.01

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.

  • CVE-2024-45971Nov 15, 2024
    risk 0.00cvss epss 0.01

    Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.

  • CVE-2024-36702Jun 11, 2024
    risk 0.00cvss epss 0.00

    libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.

  • CVE-2024-28286Mar 20, 2024
    risk 0.00cvss epss 0.01

    In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash

  • CVE-2024-26529Mar 13, 2024
    risk 0.00cvss epss 0.01

    An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.

  • CVE-2024-25366Feb 20, 2024
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.

  • CVE-2023-27772Apr 13, 2023
    risk 0.00cvss epss 0.01

    libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

  • CVE-2023-23205Feb 24, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.

  • CVE-2022-3976Nov 13, 2022
    risk 0.00cvss epss 0.00

    A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to…

  • CVE-2022-2970Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

  • CVE-2022-2972Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

  • CVE-2022-2971Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.

  • CVE-2022-2973Sep 23, 2022
    risk 0.00cvss epss 0.01

    MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.

  • CVE-2022-21159Apr 15, 2022
    risk 0.00cvss epss 0.02

    A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to…

  • CVE-2022-1302Apr 12, 2022
    risk 0.00cvss epss 0.01

    In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

  • CVE-2021-45773Jan 14, 2022
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

  • CVE-2021-45769Jan 14, 2022
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.

  • CVE-2021-21778Aug 25, 2021
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.