CVE-2022-21159

Published: Apr 15, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.

Affected (1)

Products: Mz Automation: Libiec61850

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mz Automation Libiec61850	Version 1.5.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721

Source: talos-cna@cisco.com

PatchThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://github.com/mz-automation/libiec61850/commit/cfa94cbf10302bedc779703f874ee2e8387a0721

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1467

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1467

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.