CVE-2022-38138

Name of the Vulnerable Software and Affected Versions Triangle Microworks IEC 61850 Library versions 11.2.0 and earlier Triangle Microworks IEC 61850 Library (C++, C#, or Java language library) versions 5.0.1 and earlier Triangle Microworks 60870-6 (ICCP/TASE.2) Library (C++ language library) versions 4.4.3 and earlier

Description The issue is related to access given to a small number of uninitialized pointers within the code of the libraries. This could allow an attacker to target any client or server using the affected libraries, potentially causing a denial-of-service condition. The vulnerability can be exploited by a remote attacker.

Recommendations For Triangle Microworks IEC 61850 Library versions 11.2.0 and earlier, consider updating to a version later than 11.2.0 to resolve the issue. For Triangle Microworks IEC 61850 Library (C++, C#, or Java language library) versions 5.0.1 and earlier, consider updating to a version later than 5.0.1 to resolve the issue. For Triangle Microworks 60870-6 (ICCP/TASE.2) Library (C++ language library) versions 4.4.3 and earlier, consider updating to a version later than 4.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the affected libraries to minimize the risk of exploitation.