CVE-2022-38138

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.

La biblioteca IEC 61850 de Triangle Microworks (cualquier cliente o servidor que usando la biblioteca de lenguaje C con un número de versión de 11.2.0 o anterior y cualquier cliente o servidor usando la biblioteca de lenguaje C++, C# o Java con un número de versión de 5.0.1 o anterior) y la biblioteca 60870-6 (ICCP/TASE.2) (cualquier cliente o servidor que utilice una biblioteca de lenguaje C++ con un número de versión de 4.4.3 o anterior) son vulnerables al acceso dado a un pequeño número de punteros no inicializados dentro de su código. Esto podría permitir a un atacante dirigirse a cualquier cliente o servidor que utilice las bibliotecas afectadas para causar una condición de denegación de servicio

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-29 CVE Reserved
2022-10-11 CVE Published
2024-05-03 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-824: Access of Uninitialized Pointer

CAPEC

References (1)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-01	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Trianglemicroworks Search vendor "Trianglemicroworks"		Iec 60870-6 Software Library Search vendor "Trianglemicroworks" for product "Iec 60870-6 Software Library"				-		-		Affected
Trianglemicroworks Search vendor "Trianglemicroworks"		Iec 61850 Software Library Search vendor "Trianglemicroworks" for product "Iec 61850 Software Library"				-		-		Affected