Albert Spruyt

**Name of the Vulnerable Software and Affected Versions** MZ Automation LibIEC1850 versions before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 **Description** A NULL pointer dereference in the MMS Client of MZ Automation LibIEC1850 allows a malicious server to cause a Denial-of-Service via the MMS InitiationResponse message. This issue can be exploited by a malicious server, leading to a denial-of-service condition. **Recommendations** For versions before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MMS Client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MZ Automation LibIEC61850 versions before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 **Description** The issue is related to multiple buffer overflows in the MMS Client of MZ Automation LibIEC61850. A malicious server can cause a stack-based buffer overflow via the MMS IdentifyResponse message, potentially leading to remote code execution and system compromise. **Recommendations** For versions before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the MMS Client to minimize the risk of exploitation.