
Mzillgit

#14484 of 53,622
18.6 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2024-31863 · CVSS 9.8 · 2024-11-15
Unknown · Libiec61850 · CVE-2024-45970

**Name of the Vulnerable Software and Affected Versions**
LibIEC61850 versions before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc

**Description**
The issue is related to multiple buffer overflows in the MMS Client of LibIEC61850. A malicious server can cause a stack-based buffer overflow in the client via the MMS FileDirResponse message.

**Recommendations**
For versions before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc, update to a version that includes the fix for the buffer overflow vulnerabilities. As a temporary workaround, consider restricting access to the MMS Client to minimize the risk of exploitation.

PT-2022-24993 · CVSS 8.8 · 2021-09-23
Mz Automation · Libiec61850 · CVE-2022-3976

**Name of the Vulnerable Software and Affected Versions**
MZ Automation libiec61850 versions up to 1.4

**Description**
A critical issue has been found in the MMS File Services component, specifically affecting the file `src/mms/iso_mms/client/mms_client_files.c`. The manipulation of the `filename` argument leads to path traversal. Upgrading to version 1.5 addresses this issue.

**Recommendations**
For MZ Automation libiec61850 versions up to 1.4, upgrade to version 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the `mms_client_files.c` file until the upgrade is applied.