Filtered by vendor Mz-automation
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2973 | 1 Mz-automation | 1 Libiec61850 | 2024-09-17 | 8.6 High |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server. | ||||
| CVE-2022-2971 | 1 Mz-automation | 1 Libiec61850 | 2024-09-17 | 8.6 High |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | ||||
| CVE-2022-2970 | 1 Mz-automation | 1 Libiec61850 | 2024-09-17 | 10 Critical |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | ||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2024-09-16 | 7.5 High |
| In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | ||||
| CVE-2022-21159 | 1 Mz-automation | 1 Libiec61850 | 2024-09-16 | 7.5 High |
| A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. | ||||
| CVE-2022-2972 | 1 Mz-automation | 1 Libiec61850 | 2024-09-16 | 10 Critical |
| MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | ||||
| CVE-2018-19093 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 7.5 High |
| An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program | ||||
| CVE-2018-19121 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c. | ||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | ||||
| CVE-2018-19122 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c. | ||||
| CVE-2018-18937 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c. | ||||
| CVE-2018-18957 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | ||||
| CVE-2018-18834 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | ||||
| CVE-2019-1010300 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | N/A |
| mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet. | ||||
| CVE-2019-19930 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 6.5 Medium |
| In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. | ||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 6.5 Medium |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | ||||
| CVE-2019-19957 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 6.5 Medium |
| In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | ||||
| CVE-2019-19944 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 6.5 Medium |
| In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos. | ||||
| CVE-2019-19931 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 8.8 High |
| In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | ||||
| CVE-2019-16510 | 1 Mz-automation | 1 Libiec61850 | 2024-08-05 | 7.5 High |
| libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. | ||||