SecuriTricks - CVE-2024-34057

Description

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Product(s) Impacted

Vendor	Product	Versions
Trianglemicroworks	Iec 61850 Source Code Library	*
Siemens	Sicam A8000 Firmware Sicam A8000 Sicam Scc Firmware Sicam Scc Sicam Egs Firmware Sicam Egs Sicam S8000 Sitipe At	* - * - * - * *

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	trianglemicroworks	iec_61850_source_code_library	/	/	/	/	/	/	/	/
o	siemens	sicam_a8000_firmware	/	/	/	/	/	/	/	/
h	siemens	sicam_a8000	-	/	/	/	/	/	/	/
o	siemens	sicam_scc_firmware	/	/	/	/	/	/	/	/
h	siemens	sicam_scc	-	/	/	/	/	/	/	/
o	siemens	sicam_egs_firmware	/	/	/	/	/	/	/	/
h	siemens	sicam_egs	-	/	/	/	/	/	/	/
a	siemens	sicam_s8000	/	/	/	/	/	/	/	/
a	siemens	sitipe_at	/	/	/	/	/	/	/	/

References

https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16

CVSS Score

7.5 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Date

Published: Sept. 18, 2024, 7:15 p.m.
Last Modified: Sept. 25, 2024, 5:08 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2024-34057