Lucene search

MitreCVE-2024-34057

HistorySep 18, 2024 - 7:15 p.m.

CVE-2024-34057

2024-09-1819:15:40

CWE-120

mitre

web.nvd.nist.gov

triangle microworks

iec 61850

buffer overflow

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Affected configurations

Nvd

Node

trianglemicroworksiec_61850_source_code_libraryRange<12.2.0

Node

siemenssicam_a8000_firmwareRange<05.30

AND

siemenssicam_a8000Match-

Node

siemenssicam_scc_firmwareRange<10.0

AND

siemenssicam_sccMatch-

Node

siemenssicam_egs_firmwareRange<05.30

AND

siemenssicam_egsMatch-

Node

siemenssicam_s8000Range<05.30

siemenssitipe_at

VendorProductVersionCPE
trianglemicroworksiec_61850_source_code_library*cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*
siemenssicam_a8000_firmware*cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
siemenssicam_a8000-cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*
siemenssicam_scc_firmware*cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
siemenssicam_scc-cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
siemenssicam_egs_firmware*cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
siemenssicam_egs-cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*
siemenssicam_s8000*cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
siemenssitipe_at*cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trianglemicroworks	iec_61850_source_code_library	*	cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library::::::::
siemens	sicam_a8000_firmware	*	cpe:2.3:o:siemens:sicam_a8000_firmware::::::::
siemens	sicam_a8000	-	cpe:2.3:h:siemens:sicam_a8000:-:::::::*
siemens	sicam_scc_firmware	*	cpe:2.3:o:siemens:sicam_scc_firmware::::::::
siemens	sicam_scc	-	cpe:2.3:h:siemens:sicam_scc:-:::::::*
siemens	sicam_egs_firmware	*	cpe:2.3:o:siemens:sicam_egs_firmware::::::::
siemens	sicam_egs	-	cpe:2.3:h:siemens:sicam_egs:-:::::::*
siemens	sicam_s8000	*	cpe:2.3:a:siemens:sicam_s8000::::::::
siemens	sitipe_at	*	cpe:2.3:a:siemens:sitipe_at::::::::

References

trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

www.cisa.gov/news-events/ics-advisories/icsa-24-256-16

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-34057