Libiec61850

libiec61850

Vendor: Mz Automation • 35 CVEs

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45971 1Mz Automation 1Libiec61850 Oct 1, 2025 Nov 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse...Show more Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.Show less
CVE-2024-45970 1Mz Automation 1Libiec61850 Oct 1, 2025 Nov 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse...Show more Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.Show less
CVE-2024-36702 1Mz Automation 1Libiec61850 Jun 18, 2025 Jun 11, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
CVE-2024-28286 1Mz Automation 1Libiec61850 Jun 2, 2025 Mar 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes...Show more In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crashShow less
CVE-2024-26529 1Mz Automation 1Libiec61850 Jun 10, 2025 Mar 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_va...Show more An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.Show less
CVE-2024-25366 1Mz Automation 1Libiec61850 Apr 2, 2025 Feb 20, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
CVE-2023-27772 1Mz Automation 1Libiec61850 Feb 7, 2025 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.
CVE-2022-3976 1Mz Automation 1Libiec61850 Nov 21, 2024 Nov 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Se...Show more A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.Show less
CVE-2022-2973 1Mz Automation 1Libiec61850 Nov 21, 2024 Sep 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.
CVE-2022-2972 1Mz Automation 1Libiec61850 Nov 21, 2024 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device...Show more MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.Show less
CVE-2022-2971 1Mz Automation 1Libiec61850 Nov 21, 2024 Sep 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server...Show more MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.Show less
CVE-2022-2970 1Mz Automation 1Libiec61850 Nov 21, 2024 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device...Show more MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.Show less
CVE-2022-21159 1Mz Automation 1Libiec61850 Nov 21, 2024 Apr 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker c...Show more A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.Show less
CVE-2022-1302 1Mz Automation 1Libiec61850 Nov 21, 2024 Apr 12, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
CVE-2021-45769 1Mz Automation 1Libiec61850 Nov 21, 2024 Jan 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.
CVE-2020-15158 1Mz Automation 1Libiec61850 Nov 21, 2024 Aug 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on so...Show more In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.Show less
CVE-2020-7054 1Mz Automation 1Libiec61850 Nov 21, 2024 Jan 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
CVE-2019-19958 1Mz Automation 1Libiec61850 Nov 21, 2024 Dec 24, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
CVE-2019-19957 1Mz Automation 1Libiec61850 Nov 21, 2024 Dec 24, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.
CVE-2019-19944 1Mz Automation 1Libiec61850 Nov 21, 2024 Dec 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos.

12 Next