CRITICAL🇵🇱 Wersja polska

CVE-2022-2970

CVSS 10.0v3.1pub. 2022-09-23upd. 2024-11-21

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mz Automation Libiec61850

    APP
    Mz-Automation
    < 1.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-45970CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w MMS Client biblioteki LibIEC61850 (MZ Automation)

CVE-2024-45971CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w MMS Client biblioteki LibIEC61850 — zdalne przejęcie kontroli

CVE-2022-2972CRITICAL10.0ten sam produkt

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...

CVE-2018-19185CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetStrin...

CVE-2018-18957CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...