Vulnerability CVE-2019-6136


Published: 2019-01-11

Description:
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Mz-automation
Product: Libiec61850 
Version: 1.3.1;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://github.com/mz-automation/libiec61850/issues/105

Related CVE
CVE-2019-6719
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_exam...
CVE-2019-6138
An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common...
CVE-2019-6137
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference.
CVE-2019-6135
An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory leak when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c, as demonstrated by goose_publisher_example.c and iec61850_9_2...
CVE-2018-19185
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the...
CVE-2018-19122
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
CVE-2018-19121
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
CVE-2018-19093
** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_exa...

Copyright 2019, cxsecurity.com

 

Back to Top