Vulnerabilities > MZ Automation > Libiec61850 > 1.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-13 | CVE-2022-3976 | Unspecified vulnerability in Mz-Automation Libiec61850 A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. low complexity mz-automation | 8.8 |
| 2022-09-23 | CVE-2022-2970 | Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code. | 9.8 |
| 2022-09-23 | CVE-2022-2971 | Type Confusion vulnerability in Mz-Automation Libiec61850 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload. | 7.5 |
| 2022-09-23 | CVE-2022-2972 | Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code. | 9.8 |
| 2022-09-23 | CVE-2022-2973 | NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. | 7.5 |
| 2022-04-12 | CVE-2022-1302 | Unspecified vulnerability in Mz-Automation Libiec61850 In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | 7.5 |
| 2020-08-26 | CVE-2020-15158 | Integer Underflow (Wrap or Wraparound) vulnerability in Mz-Automation Libiec61850 In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. | 9.8 |
| 2020-01-14 | CVE-2020-7054 | Out-of-bounds Write vulnerability in Mz-Automation Libiec61850 MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | 8.8 |
| 2019-12-24 | CVE-2019-19958 | Allocation of Resources Without Limits or Throttling vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | 6.5 |
| 2019-12-24 | CVE-2019-19957 | Out-of-bounds Read vulnerability in Mz-Automation Libiec61850 1.4.0 In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength. | 6.5 |