Search criteria
6 vulnerabilities by MZ Automation
CVE-2022-3976 (GCVE-0-2022-3976)
Vulnerability from cvelistv5 – Published: 2022-11-13 00:00 – Updated: 2025-04-15 13:14
VLAI?
Title
MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal
Summary
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.
Severity ?
5.5 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libiec61850 |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mz-automation/libiec61850"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.213556"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:05:15.903127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:14:35.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libiec61850",
"vendor": "MZ Automation",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-13T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/mz-automation/libiec61850"
},
{
"url": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f"
},
{
"url": "https://vuldb.com/?id.213556"
}
],
"title": "MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3976",
"datePublished": "2022-11-13T00:00:00.000Z",
"dateReserved": "2022-11-13T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:14:35.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2970 (GCVE-0-2022-2970)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:28 – Updated: 2025-04-16 16:09
VLAI?
Title
MZ Automation libIEC61850 Stack-Based Buffer Overflow
Summary
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
All , ≤ 1.4
(custom)
Affected: Version 1.5 , < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:26.792707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:09:17.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "All",
"versionType": "custom"
},
{
"lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
"status": "affected",
"version": "Version 1.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:28:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
},
"title": "MZ Automation libIEC61850 Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-08T17:00:00.000Z",
"ID": "CVE-2022-2970",
"STATE": "PUBLIC",
"TITLE": "MZ Automation libIEC61850 Stack-Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.4"
},
{
"version_affected": "\u003c",
"version_name": "Version 1.5",
"version_value": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
]
},
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2970",
"datePublished": "2022-09-23T15:28:55.529Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:09:17.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2972 (GCVE-0-2022-2972)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:28 – Updated: 2025-04-16 16:09
VLAI?
Title
MZ Automation libIEC61850 Stack-Based Buffer Overflow
Summary
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
All , ≤ 1.4
(custom)
Affected: Version 1.5 , < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:29.999825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:09:24.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "All",
"versionType": "custom"
},
{
"lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
"status": "affected",
"version": "Version 1.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:28:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
},
"title": "MZ Automation libIEC61850 Stack-Based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-08T17:00:00.000Z",
"ID": "CVE-2022-2972",
"STATE": "PUBLIC",
"TITLE": "MZ Automation libIEC61850 Stack-Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.4"
},
{
"version_affected": "\u003c",
"version_name": "Version 1.5",
"version_value": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
]
},
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2972",
"datePublished": "2022-09-23T15:28:50.991Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:09:24.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2971 (GCVE-0-2022-2971)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:28 – Updated: 2025-04-16 16:09
VLAI?
Title
MZ Automation libIEC61850 Access of Resource Using Incompatible Type ('Type Confusion')
Summary
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.
Severity ?
8.6 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
All , ≤ 1.4
(custom)
Affected: Version 1.5 , < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:11.772481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:09:31.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "All",
"versionType": "custom"
},
{
"lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
"status": "affected",
"version": "Version 1.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:28:48.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
},
"title": "MZ Automation libIEC61850 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-08T17:00:00.000Z",
"ID": "CVE-2022-2971",
"STATE": "PUBLIC",
"TITLE": "MZ Automation libIEC61850 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.4"
},
{
"version_affected": "\u003c",
"version_name": "Version 1.5",
"version_value": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
]
},
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2971",
"datePublished": "2022-09-23T15:28:48.033Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:09:31.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2973 (GCVE-0-2022-2973)
Vulnerability from cvelistv5 – Published: 2022-09-23 15:28 – Updated: 2025-04-16 16:09
VLAI?
Title
MZ Automation libIEC61850 NULL Pointer Dereference
Summary
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server.
Severity ?
8.6 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
All , ≤ 1.4
(custom)
Affected: Version 1.5 , < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:16.892261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:09:39.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "All",
"versionType": "custom"
},
{
"lessThan": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e",
"status": "affected",
"version": "Version 1.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T15:28:44.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
],
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
},
"title": "MZ Automation libIEC61850 NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-08T17:00:00.000Z",
"ID": "CVE-2022-2973",
"STATE": "PUBLIC",
"TITLE": "MZ Automation libIEC61850 NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "1.4"
},
{
"version_affected": "\u003c",
"version_name": "Version 1.5",
"version_value": "Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MZ Automation\u0027s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) uses a NULL pointer in certain situations. which could allow an attacker to crash the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01"
}
]
},
"source": {
"advisory": "ICSA-22-251-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2973",
"datePublished": "2022-09-23T15:28:44.503Z",
"dateReserved": "2022-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:09:39.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1302 (GCVE-0-2022-1302)
Vulnerability from cvelistv5 – Published: 2022-04-12 07:30 – Updated: 2024-09-16 18:02
VLAI?
Title
Malformed Goose Message in LibIEC61850 may result in a denial of service
Summary
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MZ Automation | libIEC61850 |
Affected:
unspecified , < 1.5.1
(custom)
|
Credits
This Vulnerability was discovered by m1etz.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libiec61850.com/new-release-1-5-1-of-libiec61850/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libIEC61850",
"vendor": "MZ Automation",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This Vulnerability was discovered by m1etz."
}
],
"datePublic": "2022-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T07:30:18",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libiec61850.com/new-release-1-5-1-of-libiec61850/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Malformed Goose Message in LibIEC61850 may result in a denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-11T13:24:00.000Z",
"ID": "CVE-2022-1302",
"STATE": "PUBLIC",
"TITLE": "Malformed Goose Message in LibIEC61850 may result in a denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libIEC61850",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.5.1"
}
]
}
}
]
},
"vendor_name": "MZ Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This Vulnerability was discovered by m1etz."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libiec61850.com/new-release-1-5-1-of-libiec61850/",
"refsource": "CONFIRM",
"url": "https://libiec61850.com/new-release-1-5-1-of-libiec61850/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1302",
"datePublished": "2022-04-12T07:30:18.399338Z",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-09-16T18:02:57.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}