PT-2024-20903 · Unknown · Libiec61850
Alice-And-Bob · Published 2024-02-20 · Updated 2024-08-16
CVE-2024-25366
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libiec61850 version 1.4.0
Description
The issue allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms getnamelist service component.
Recommendations
For version 1.4.0, consider disabling the mmsServer_handleGetNameListRequest function as a temporary workaround until a patch is available.
Restrict access to the mms getnamelist service component to minimize the risk of exploitation.
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Libiec61850