MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMz Automation Libiec61850
APPMz-Automation< 1.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Powiązane podatności
CVE-2024-45970CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w MMS Client biblioteki LibIEC61850 (MZ Automation)
CVE-2024-45971CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w MMS Client biblioteki LibIEC61850 — zdalne przejęcie kontroli
CVE-2022-2972CRITICAL10.0ten sam produkt
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...
CVE-2018-19185CRITICAL9.8ten sam produkt
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetStrin...
CVE-2018-18957CRITICAL9.8ten sam produkt
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...