CRITICAL🇬🇧 English

CVE-2022-2970

CVSS 10.0v3.1pub. 2022-09-23upd. 2024-11-21

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mz Automation Libiec61850

    APP
    Mz-Automation
    < 1.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-45970CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w MMS Client biblioteki LibIEC61850 (MZ Automation)

CVE-2024-45971CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w MMS Client biblioteki LibIEC61850 — zdalne przejęcie kontroli

CVE-2022-2972CRITICAL10.0ten sam produkt

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...

CVE-2018-19185CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetStrin...

CVE-2018-18957CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...

CVE-2022-2970 — CRITICAL 10.0 | CVEbaza.pl