All the vulnerabilites related to siemens - sicam_s8000
Vulnerability from fkie_nvd
Published
2024-09-18 19:15
Modified
2024-09-25 17:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new | Release Notes | |
| cve@mitre.org | https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trianglemicroworks | iec_61850_source_code_library | * | |
| siemens | sicam_a8000_firmware | * | |
| siemens | sicam_a8000 | - | |
| siemens | sicam_scc_firmware | * | |
| siemens | sicam_scc | - | |
| siemens | sicam_egs_firmware | * | |
| siemens | sicam_egs | - | |
| siemens | sicam_s8000 | * | |
| siemens | sitipe_at | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3253ACC-02E5-4AFD-AAA0-2F47E5AD3D26",
"versionEndExcluding": "12.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA612FA-5E60-4278-A7A3-9C28E5857AD8",
"versionEndExcluding": "05.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF612C4-56F9-4946-86E5-6D7C309E195F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1760C8BA-E26C-48BD-8733-801C5245B1D0",
"versionEndExcluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26100EEE-4859-41BD-83A8-F2D57FC3F5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8AAD69-99AA-48C7-AD40-431FC65085AC",
"versionEndExcluding": "05.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B926004A-C343-4C15-9AF4-32C1B4EEEEB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48484B01-98F1-41CB-876D-5DE76E65E7B2",
"versionEndExcluding": "05.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A83D1DC-FCF0-4E05-BF26-CFDFAC4A2513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service."
},
{
"lang": "es",
"value": "Las librer\u00edas de c\u00f3digo fuente de Triangle Microworks TMW IEC 61850 Client anteriores a la versi\u00f3n 12.2.0 carecen de una comprobaci\u00f3n del tama\u00f1o del b\u00fafer al procesar los mensajes recibidos. El desbordamiento del b\u00fafer resultante puede provocar un bloqueo, lo que da como resultado una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2024-34057",
"lastModified": "2024-09-25T17:08:16.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-18T19:15:40.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
cve-2024-34057
Vulnerability from cvelistv5
Published
2024-09-18 00:00
Modified
2024-09-19 14:21
Severity ?
EPSS score ?
Summary
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iec_61850_client_source_code_library",
"vendor": "trianglemicroworks",
"versions": [
{
"lessThan": "12.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:17:19.898121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:21:28.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:54:44.376801",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34057",
"datePublished": "2024-09-18T00:00:00",
"dateReserved": "2024-04-30T00:00:00",
"dateUpdated": "2024-09-19T14:21:28.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}