Vulnerabilities > CVE-2021-45773 - NULL Pointer Dereference vulnerability in Mz-Automation Lib60870

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mz-automation

CWE-476

NVD

Published: 2022-01-14

Updated: 2022-01-22

Summary

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

Vulnerable Configurations

Part	Description	Count
Application	Mz-Automation MZ Automation Lib60870 0.9.4 MZ Automation Lib60870 2.0.0 MZ Automation Lib60870 2.0.1 MZ Automation Lib60870 2.1.0 MZ Automation Lib60870 2.1.1 MZ Automation Lib60870 2.2.0 MZ Automation Lib60870 2.2.1 MZ Automation Lib60870 2.3.0	8

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/mz-automation/lib60870/issues/100