CVE-2022-2970

Summary

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
MZ AutomationlibIEC61850All <= 1.4affected
MZ AutomationlibIEC61850Version 1.5 < Commit: a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10eaffected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References