Filtered by vendor Mz-automation
Subscriptions
Total
33 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-6719 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | N/A |
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c. | ||||
CVE-2019-6135 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | N/A |
An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2_LE_example.c. | ||||
CVE-2019-6138 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | N/A |
An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c. | ||||
CVE-2019-6137 | 1 Mz-automation | 1 Lib60870 | 2024-08-04 | N/A |
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. | ||||
CVE-2019-6136 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | N/A |
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c. | ||||
CVE-2020-15158 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | 7.7 High |
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions. | ||||
CVE-2020-7054 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | 8.8 High |
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | ||||
CVE-2021-45769 | 1 Mz-automation | 1 Libiec61850 | 2024-08-04 | 7.5 High |
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | ||||
CVE-2021-45773 | 1 Mz-automation | 1 Lib60870 | 2024-08-04 | 7.5 High |
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash. | ||||
CVE-2021-21778 | 1 Mz-automation | 1 Lib60870 | 2024-08-03 | 7.5 High |
A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. | ||||
CVE-2022-3976 | 1 Mz-automation | 1 Libiec61850 | 2024-08-03 | 5.5 Medium |
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | ||||
CVE-2023-27772 | 1 Mz-automation | 1 Libiec61850 | 2024-08-02 | 7.5 High |
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c. | ||||
CVE-2023-23205 | 1 Mz-automation | 1 Lib60870 | 2024-08-02 | 5.5 Medium |
An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. |