Vulnerabilities > MZ Automation

DATE CVE VULNERABILITY TITLE RISK
2023-04-13 CVE-2023-27772 Improper Check for Unusual or Exceptional Conditions vulnerability in Mz-Automation Libiec61850 1.5.1
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.
network
low complexity
mz-automation CWE-754
7.5
2023-02-24 CVE-2023-23205 Memory Leak vulnerability in Mz-Automation Lib60870 2.3.2
An issue was discovered in lib60870 v2.3.2.
local
low complexity
mz-automation CWE-401
5.5
2022-11-13 CVE-2022-3976 Unspecified vulnerability in Mz-Automation Libiec61850
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical.
low complexity
mz-automation
8.8
2022-09-23 CVE-2022-2970 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2971 Type Confusion vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
network
low complexity
mz-automation CWE-843
7.5
2022-09-23 CVE-2022-2972 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2973 NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations.
network
low complexity
mz-automation CWE-476
7.5
2022-04-15 CVE-2022-21159 Infinite Loop vulnerability in Mz-Automation Libiec61850 1.5.0
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0.
network
low complexity
mz-automation CWE-835
7.5
2022-04-12 CVE-2022-1302 Unspecified vulnerability in Mz-Automation Libiec61850
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
network
low complexity
mz-automation
7.5
2022-01-14 CVE-2021-45769 NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850 1.5.0
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.
network
low complexity
mz-automation CWE-476
7.5