Vulnerabilities > CVE-2018-19185 - Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 1.3

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mz-automation
CWE-787
critical
NVD
Published: 2018-11-12
Updated: 2020-08-24

Summary

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.

Vulnerable Configurations

Part Description Count
Application
Mz-Automation
1

Common Weakness Enumeration (CWE)

References