MZ Automation Security Vulnerabilities
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control...
7.5CVSS
7.5AI Score
0.001EPSS
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at...
7.5CVSS
7.5AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal....
8.8CVSS
8.8AI Score
0.001EPSS
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the...
7.5CVSS
7.9AI Score
0.001EPSS
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary...
9.8CVSS
9.6AI Score
0.002EPSS
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary...
9.8CVSS
9.7AI Score
0.003EPSS
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious...
7.5CVSS
7.9AI Score
0.001EPSS
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...
7.5CVSS
7.3AI Score
0.001EPSS
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of...
7.5CVSS
7.4AI Score
0.001EPSS
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application...
7.5CVSS
7.5AI Score
0.001EPSS
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application...
7.5CVSS
7.4AI Score
0.001EPSS
A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this...
7.5CVSS
7.4AI Score
0.002EPSS
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used ...
9.8CVSS
7.7AI Score
0.012EPSS
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data...
8.8CVSS
7.9AI Score
0.002EPSS
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of...
6.5CVSS
7.3AI Score
0.001EPSS
In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and...
6.5CVSS
7.2AI Score
0.001EPSS
In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and...
6.5CVSS
7.3AI Score
0.001EPSS
In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer...
8.8CVSS
7.6AI Score
0.002EPSS
In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory...
6.5CVSS
7.3AI Score
0.001EPSS
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by...
7.5CVSS
7.4AI Score
0.001EPSS
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol...
7.5CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and...
7.5CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and...
7.5CVSS
7.3AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by...
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer...
7.5CVSS
7.3AI Score
0.002EPSS
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and...
7.5CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack...
9.8CVSS
9.6AI Score
0.008EPSS
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in...
4.3CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in...
4.3CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in...
9.8CVSS
9.7AI Score
0.1EPSS
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in...
7.5CVSS
7.4AI Score
0.001EPSS
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in...
9.8CVSS
9.6AI Score
0.008EPSS