CVE-2024-34057

EPSS 0.17%
Veröffentlicht 18.09.2024 19:15:40
Zuletzt bearbeitet 25.09.2024 17:08:16
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trianglemicroworks ≫ Iec 61850 Source Code Library Version < 12.2.0

Siemens ≫ Sicam A8000 Firmware Version < 05.30

Siemens ≫ Sicam A8000 Version-

Siemens ≫ Sicam Scc Firmware Version < 10.0

Siemens ≫ Sicam Scc Version-

Siemens ≫ Sicam Egs Firmware Version < 05.30

Siemens ≫ Sicam Egs Version-

Siemens ≫ Sicam S8000 Version < 05.30

Siemens ≫ Sitipe At

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.39

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

Release Notes

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-34057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34057

EUVD