Mz-automation Libiec61850 — known CVE vulnerabilities
Every CVE whose affected-product data names Mz-automation Libiec61850, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2022-2972 — CVSS 10.0 (critical): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to…
CVE-2022-2970 — CVSS 10.0 (critical): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not…
CVE-2018-18834 — CVSS 9.8 (critical): An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
CVE-2018-18957 — CVSS 9.8 (critical): An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
CVE-2018-19185 — CVSS 9.8 (critical): An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c…
CVE-2024-45970 — CVSS 9.8 (critical): Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a…
CVE-2024-45971 — CVSS 9.8 (critical): Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a…
CVE-2019-19931 — CVSS 8.8 (high): In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow.
CVE-2020-7054 — CVSS 8.8 (high): MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing…
CVE-2022-2973 — CVSS 8.6 (high): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL…
CVE-2022-2971 — CVSS 8.6 (high): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a…
CVE-2020-15158 — CVSS 7.7 (high): In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will…
CVE-2019-6719 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as…
CVE-2019-1010300 — CVSS 7.5 (high): mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is…
CVE-2019-16510 — CVSS 7.5 (high): libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by…
CVE-2019-6135 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from…
CVE-2019-6136 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as…
CVE-2019-6138 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called…
CVE-2021-45769 — CVSS 7.5 (high): A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault…
CVE-2022-1302 — CVSS 7.5 (high): In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a…
CVE-2022-21159 — CVSS 7.5 (high): A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A…
CVE-2018-19093 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c…
CVE-2018-18937 — CVSS 7.5 (high): An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c.
CVE-2023-27772 — CVSS 7.5 (high): libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at…
CVE-2024-26529 — CVSS 7.5 (high): An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the…
CVE-2024-28286 — CVSS 7.5 (high): In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of…
CVE-2024-36702 — CVSS 7.4 (high): libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
CVE-2019-19958 — CVSS 6.5 (medium): In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an…
CVE-2019-19957 — CVSS 6.5 (medium): In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to…
CVE-2019-19930 — CVSS 6.5 (medium): In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an…
CVE-2019-19944 — CVSS 6.5 (medium): In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.
CVE-2024-25366 — CVSS 6.2 (medium): Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the…
CVE-2022-3976 — CVSS 5.5 (medium): A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code…
CVE-2018-19122 — CVSS 4.3 (medium): An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
CVE-2018-19121 — CVSS 4.3 (medium): An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.