Unsanitized Input in libIEC61850 Allows Remote Code Execution

CVE-2022-2970 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.
