Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Siemens
  • Sicam A8000
  • Sicam A8000 Firmware
  • Sicam Egs
  • Sicam Egs Firmware
  • Sicam S8000
  • Sicam Scc
  • Sicam Scc Firmware
  • Sitipe At
Trianglemicroworks
  • Iec 61850 Client Source Code Library
  • Iec 61850 Source Code Library

Configuration 1 [-]

cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new cve-icon cve-icon
https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16 cve-icon cve-icon
History

Wed, 25 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens sicam A8000
Siemens sicam A8000 Firmware
Siemens sicam Egs
Siemens sicam Egs Firmware
Siemens sicam S8000
Siemens sicam Scc
Siemens sicam Scc Firmware
Siemens sitipe At
Trianglemicroworks iec 61850 Source Code Library
CPEs cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*
cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
Vendors & Products Siemens
Siemens sicam A8000
Siemens sicam A8000 Firmware
Siemens sicam Egs
Siemens sicam Egs Firmware
Siemens sicam S8000
Siemens sicam Scc
Siemens sicam Scc Firmware
Siemens sitipe At
Trianglemicroworks iec 61850 Source Code Library

Thu, 19 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Trianglemicroworks
Trianglemicroworks iec 61850 Client Source Code Library
Weaknesses CWE-120
CPEs cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*
Vendors & Products Trianglemicroworks
Trianglemicroworks iec 61850 Client Source Code Library
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
Description Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-18T00:00:00

Updated: 2024-09-19T14:21:28.567Z

Reserved: 2024-04-30T00:00:00

Link: CVE-2024-34057

cve-icon Vulnrichment

Updated: 2024-09-19T14:21:20.827Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-18T19:15:40.777

Modified: 2024-09-25T17:08:16.017

Link: CVE-2024-34057

cve-icon Redhat

No data.