PT-2022-14891 · Unknown+1 · Libiec61850+1
Jared Rittle · Published 2022-04-15 · Updated 2024-08-19 · CVE-2022-21159
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libiec61850 version 1.5.0
Description
A denial-of-service issue exists in the parseNormalModeParameters functionality. A specially crafted series of network requests can trigger it: an attacker can send a sequence of malformed IEC 61850 messages to cause a denial of service.
Recommendations
For version 1.5.0, consider temporarily disabling the parseNormalModeParameters functionality until a patch is available to prevent exploitation. Restrict access to the network to minimize the risk of receiving malformed IEC 61850 messages.
Exploit · Fix · DoS · Infinite Loop
Affected Products
Alt Linux
Libiec61850