Libiec61850
CVE-2022-2971
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
AnalysisAI
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. Affected products include: Mz-Automation Libiec61850. Version information: version 1.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.
More in Libiec61850
View allAn issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita
An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita
An issue has been found in libIEC61850 v1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer ov
In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.
In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c f
An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) vi
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() a
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec6185
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrate
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. Rated high severity (CVSS 7.5), this vulner
An issue has been found in libIEC61850 v1.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl
Same technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today