CVE-2020-15158

Heap buffer overflow in libIEC61850

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.

En libIEC61850 versiones anteriores a 1.4.3, cuando un mensaje es recibido con un campo de longitud de mensaje COTP con valor menor a 4, se producirá un subdesbordamiento de enteros conllevando a un desbordamiento del búfer en la pila. Esto puede causar un bloqueo de la aplicación o, en algunas plataformas, inclusive una ejecución de código remota. Si su aplicación es utilizada en redes abiertas o si existen nodos en la red que no son confiables, se recomienda altamente aplicar el parche. Esto fue parcheado con el commit 033ab5b. Los usuarios de la versión 1.4.x deben actualizar a la versión 1.4.3 cuando esté disponible. Como solución alternativa, los cambios de commit 033ab5b pueden ser aplicados a versiones anteriores

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-25 CVE Reserved
2020-08-26 CVE Published
2024-08-04 CVE Updated
2024-08-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow
CWE-191: Integer Underflow (Wrap or Wraparound)

CAPEC

References (3)

URL	Tag	Source
https://github.com/mz-automation/libiec61850/issues/250	Third Party Advisory
https://github.com/mz-automation/libiec61850/security/advisories/GHSA-pq77-fmf7-hjw8	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/mz-automation/libiec61850/commit/033ab5b6488250c8c3b838f25a7cbc3e099230bb	2021-11-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mz-automation Search vendor "Mz-automation"		Libiec61850 Search vendor "Mz-automation" for product "Libiec61850"				>= 1.4.0 < 1.4.3 Search vendor "Mz-automation" for product "Libiec61850" and version " >= 1.4.0 < 1.4.3"		-		Affected