Mz-automation Libiec61850
35 CVEs affecting Mz-automation Libiec61850. Latest disclosed: 2024-11-15. Critical: 7, High: 20.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2972 | Critical | 10.0 | 2022-09-23 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffe… |
| CVE-2022-2970 | Critical | 10.0 | 2022-09-23 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcp… |
| CVE-2024-45971 | Critical | 9.8 | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cau… |
| CVE-2024-45970 | Critical | 9.8 | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cau… |
| CVE-2018-19185 | Critical | 9.8 | 2018-11-12 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable… |
| CVE-2018-18957 | Critical | 9.8 | 2018-11-05 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. |
| CVE-2018-18834 | Critical | 9.8 | 2018-10-30 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. |
| CVE-2020-7054 | High | 8.8 | 2020-01-14 | MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING… |
| CVE-2019-19931 | High | 8.8 | 2019-12-23 | In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. |
| CVE-2022-2973 | High | 8.6 | 2022-09-23 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situa… |
| CVE-2022-2971 | High | 8.6 | 2022-09-23 | MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompa… |
| CVE-2020-15158 | High | 7.7 | 2020-08-26 | In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap… |
| CVE-2024-28286 | High | 7.5 | 2024-03-21 | In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_f… |
| CVE-2024-26529 | High | 7.5 | 2024-03-13 | An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariab… |
| CVE-2023-27772 | High | 7.5 | 2023-04-13 | libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c. |
| CVE-2022-21159 | High | 7.5 | 2022-04-15 | A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of… |
| CVE-2022-1302 | High | 7.5 | 2022-04-12 | In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. |
| CVE-2021-45769 | High | 7.5 | 2022-01-14 | A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application cras… |
| CVE-2019-16510 | High | 7.5 | 2019-09-19 | libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. |
| CVE-2019-1010300 | High | 7.5 | 2019-07-15 | mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The… |