CVE-2022-21159
https://notcve.org/view.php?id=CVE-2022-21159
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability. Se presenta Una vulnerabilidad de Denegación de Servicio en la funcionalidad parseNormalModeParameters de MZ Automation GmbH libiec61850 versión 1.5.0. Una serie de peticiones de red especialmente diseñadas puede conllevar a una denegación de servicio. • https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467 https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-1302 – Malformed Goose Message in LibIEC61850 may result in a denial of service
https://notcve.org/view.php?id=CVE-2022-1302
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. En el MZ Automation LibIEC61850 en versiones anteriores a 1.5.1 un atacante no autenticado puede diseñar un mensaje de ganso, lo que puede resultar en una denegación de servicio • https://libiec61850.com/new-release-1-5-1-of-libiec61850 • CWE-20: Improper Input Validation •
CVE-2021-45769
https://notcve.org/view.php?id=CVE-2021-45769
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. Una desreferencia del puntero NULL en la función AcseConnection_parseMessage en el archivo src/mms/iso_acse/acse.c de libiec61850 versión v1.5.0, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://github.com/mz-automation/libiec61850/issues/368 • CWE-476: NULL Pointer Dereference •
CVE-2020-15158 – Heap buffer overflow in libIEC61850
https://notcve.org/view.php?id=CVE-2020-15158
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. • https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb https://github.com/mz-automation/libiec61850/issues/250 https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2020-7054
https://notcve.org/view.php?id=CVE-2020-7054
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. La función MmsValue_decodeMmsData en el archivo mms/iso_mms/server/mms_access_result.c en libIEC61850 versión 1.4.0, presenta un desbordamiento de búfer en la región heap de la memoria cuando se analiza el tipo de datos MMS_BIT_STRING. • https://github.com/mz-automation/libiec61850/issues/200 • CWE-787: Out-of-bounds Write •