Vulnerabilities > MZ Automation > Libiec61850 > 1.3.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-13 CVE-2022-3976 Unspecified vulnerability in Mz-Automation Libiec61850
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical.
low complexity
mz-automation
8.8
2022-09-23 CVE-2022-2970 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2971 Type Confusion vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
network
low complexity
mz-automation CWE-843
7.5
2022-09-23 CVE-2022-2972 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2973 NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations.
network
low complexity
mz-automation CWE-476
7.5
2022-04-12 CVE-2022-1302 Unspecified vulnerability in Mz-Automation Libiec61850
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
network
low complexity
mz-automation
7.5
2020-01-14 CVE-2020-7054 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
network
low complexity
mz-automation CWE-787
8.8
2019-09-19 CVE-2019-16510 Use After Free vulnerability in Mz-Automation Libiec61850
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.
network
low complexity
mz-automation CWE-416
7.5
2019-07-15 CVE-2019-1010300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mz-Automation Libiec61850 1.3.0/1.3.1/1.3.2
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow.
network
low complexity
mz-automation CWE-119
7.5
2019-01-23 CVE-2019-6719 Use After Free vulnerability in Mz-Automation Libiec61850 1.3.1
An issue has been found in libIEC61850 v1.3.1.
network
low complexity
mz-automation CWE-416
7.5