PT-2022-24993 · Mz Automation+1 · Libiec61850+1

Mzillgit · Published 2021-09-23 · Updated 2024-08-19 · CVE-2022-3976

CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MZ Automation libiec61850 versions up to 1.4

Description

A critical issue has been found in the MMS File Services component, specifically affecting the file src/mms/iso_mms/client/mms_client_files.c. The manipulation of the filename argument leads to path traversal. Upgrading to version 1.5 addresses this issue.

Recommendations

For MZ Automation libiec61850 versions up to 1.4, upgrade to version 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the mms_client_files.c file until the upgrade is applied.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2864
ALT-PU-2024-11160
CVE-2022-3976

Affected Products

Alt Linux
Libiec61850