CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45769
https://notcve.org/view.php?id=CVE-2021-45769
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. Una desreferencia del puntero NULL en la función AcseConnection_parseMessage en el archivo src/mms/iso_acse/acse.c de libiec61850 versión v1.5.0, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://github.com/mz-automation/libiec61850/issues/368 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21778
https://notcve.org/view.php?id=CVE-2021-21778
A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad message processing de ASDU de MZ Automation GmbH lib60870.NET versión 2.2.0. Una petición de red especialmente diseñada puede conllevar a una pérdida de comunicaciones. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1236 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-15158 – Heap buffer overflow in libIEC61850
https://notcve.org/view.php?id=CVE-2020-15158
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. • https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb https://github.com/mz-automation/libiec61850/issues/250 https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7054
https://notcve.org/view.php?id=CVE-2020-7054
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. La función MmsValue_decodeMmsData en el archivo mms/iso_mms/server/mms_access_result.c en libIEC61850 versión 1.4.0, presenta un desbordamiento de búfer en la región heap de la memoria cuando se analiza el tipo de datos MMS_BIT_STRING. • https://github.com/mz-automation/libiec61850/issues/200 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19958
https://notcve.org/view.php?id=CVE-2019-19958
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. En libIEC61850 versión 1.4.0, la función StringUtils_createStringFromBuffer en el archivo common/string_utilities.c presenta un problema con la propiedad signedness de enteros que podría conllevar un intento de asignación excesiva de memoria y una denegación de servicio. • https://github.com/mz-automation/libiec61850/issues/198 • CWE-681: Incorrect Conversion between Numeric Types CWE-770: Allocation of Resources Without Limits or Throttling •