26 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. • https://github.com/mz-automation/libiec61850 https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f https://vuldb.com/?id.213556 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. MZ Automations libIEC61850 (versiones 1.4 y anteriores; versión 1.5 anterior al commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) no sanea la entrada antes de usar memcpy, lo que podría permitir a un atacante bloquear el dispositivo o ejecutar código arbitrario de forma remota. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. MZ Automations libIEC61850 (versiones 1.4 y anteriores; versión 1.5 anterior al commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) es vulnerable a un desbordamiento de búfer en la región stack de la memoria, que podría permitir a un atacante bloquear el dispositivo o ejecutar código arbitrario de forma remota. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. MZ Automations libIEC61850 (versiones 1.4 y anteriores; versión 1.5 anterior al commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accede a un recurso usando un tipo no compatible, lo que podría permitir a un atacante bloquear el servidor con una carga útil maliciosa. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server. MZ Automations libIEC61850 (versiones 1.4 y anteriores; versión 1.5 anterior al commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) usa un puntero NULL en determinadas situaciones, lo que podría permitir a un atacante bloquear el servidor. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01 • CWE-476: NULL Pointer Dereference •