PT-2022-4740 · Mz Automation+1 · Libiec61850+1
Published: 2021-09-23 · Updated: 2024-08-19 · CVE-2022-2972
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MZ Automation's libIEC61850 versions 1.4 and prior
MZ Automation's libIEC61850 version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e
Description
The issue is a stack-based buffer overflow that could allow an attacker to crash the device or remotely execute arbitrary code. It occurs when data is read beyond the buffer boundaries in memory.
Recommendations
For versions 1.4 and prior, update to a version after commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e to resolve the issue.
For version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e, apply the changes from commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e to fix the buffer overflow vulnerability.
As a temporary workaround, consider restricting access to the library to minimize the risk of exploitation until the fix can be applied.
Fix
Memory Corruption
Stack Overflow
Related Identifiers
Affected Products
Alt Linux
Libiec61850