Vulnerabilities > MZ Automation > Libiec61850 > 1.4.2.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-13 CVE-2022-3976 Unspecified vulnerability in Mz-Automation Libiec61850
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical.
low complexity
mz-automation
8.8
2022-09-23 CVE-2022-2970 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2971 Type Confusion vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
network
low complexity
mz-automation CWE-843
7.5
2022-09-23 CVE-2022-2972 Out-of-bounds Write vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
network
low complexity
mz-automation CWE-787
critical
9.8
2022-09-23 CVE-2022-2973 NULL Pointer Dereference vulnerability in Mz-Automation Libiec61850
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations.
network
low complexity
mz-automation CWE-476
7.5
2022-04-12 CVE-2022-1302 Unspecified vulnerability in Mz-Automation Libiec61850
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
network
low complexity
mz-automation
7.5
2020-08-26 CVE-2020-15158 Integer Underflow (Wrap or Wraparound) vulnerability in Mz-Automation Libiec61850
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow.
network
low complexity
mz-automation CWE-191
critical
9.8