CVE-2024-34057

Published Sep 18, 2024

Last updated 2 months ago

CVSS high 7.5

Overview

Description: Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-120
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3253ACC-02E5-4AFD-AAA0-2F47E5AD3D26",
            "versionEndExcluding": "12.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EA612FA-5E60-4278-A7A3-9C28E5857AD8",
            "versionEndExcluding": "05.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5BF612C4-56F9-4946-86E5-6D7C309E195F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1760C8BA-E26C-48BD-8733-801C5245B1D0",
            "versionEndExcluding": "10.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26100EEE-4859-41BD-83A8-F2D57FC3F5C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D8AAD69-99AA-48C7-AD40-431FC65085AC",
            "versionEndExcluding": "05.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B926004A-C343-4C15-9AF4-32C1B4EEEEB2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48484B01-98F1-41CB-876D-5DE76E65E7B2",
            "versionEndExcluding": "05.30"
          },
          {
            "criteria": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A83D1DC-FCF0-4E05-BF26-CFDFAC4A2513"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References