CVE-2022-1302

Published: Apr 12, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.

Affected (1)

Products: Mz Automation: Libiec61850

Mz Automation

1 product

Libiec61850

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mz Automation Libiec61850	Before 1.5.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://libiec61850.com/new-release-1-5-1-of-libiec61850/

Source: info@cert.vde.com

Release NotesVendor Advisory

https://libiec61850.com/new-release-1-5-1-of-libiec61850/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.