Alice-And-Bob

#12495of 53,632
21.8Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2024-7570
7.8
2024-03-20
Unknown · Libiec61850 · CVE-2024-28286
**Name of the Vulnerable Software and Affected Versions** libiec61850 version 1.4.0 **Description** A NULL Pointer Dereference issue was detected in the `mmsServer handleFileCloseRequest.c` function of `src/mms/iso mms/server/mms file service.c`, which can cause the application to crash due to a SEGV. The vulnerability is related to pointer dereference errors in the libIEC61850 library. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For libiec61850 version 1.4.0, as a temporary workaround, consider disabling the `mmsServer handleFileCloseRequest.c` function until a patch is available. Restrict access to the `mms file service.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20903
6.2
2024-02-20
Unknown · Libiec61850 · CVE-2024-25366
**Name of the Vulnerable Software and Affected Versions** libiec61850 versions 1.4.0 **Description** The issue allows a remote attacker to cause a denial of service via the `mmsServer handleGetNameListRequest` function to the `mms getnamelist service` component. **Recommendations** For version 1.4.0, consider disabling the `mmsServer handleGetNameListRequest` function as a temporary workaround until a patch is available. Restrict access to the `mms getnamelist service` component to minimize the risk of exploitation.
PT-2024-7568
7.8
2024-02-19
Unknown · Libiec61850 · CVE-2024-26529
**Name of the Vulnerable Software and Affected Versions** libiec61850 versions 1.5.3 and earlier **Description** The issue is related to the `mmsServer handleDeleteNamedVariableListRequest()` function in the libIEC61850 library, which is associated with incorrect resource cleanup or deallocation. This can be exploited by a remote attacker to cause a denial of service (DoS). The vulnerability is related to the `mms named variable list service.c` file in the `src/mms/iso mms/server` directory. **Recommendations** For libiec61850 versions 1.5.3 and earlier, as a temporary workaround, consider disabling the `mmsServer handleDeleteNamedVariableListRequest()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.