PT-2024-7568 · Unknown · Libiec61850
Alice-And-Bob
·
Published
2024-02-19
·
Updated
2025-06-10
·
CVE-2024-26529
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libiec61850 versions 1.5.3 and earlier
Description
The issue is related to the
mmsServer handleDeleteNamedVariableListRequest() function in the libIEC61850 library, which is associated with incorrect resource cleanup or deallocation. This can be exploited by a remote attacker to cause a denial of service (DoS). The vulnerability is related to the mms named variable list service.c file in the src/mms/iso mms/server directory.Recommendations
For libiec61850 versions 1.5.3 and earlier, as a temporary workaround, consider disabling the
mmsServer handleDeleteNamedVariableListRequest() function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libiec61850