CVE-2024-34057

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Configurations

Configuration 1

cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*

Configuration 5

OR
cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*

History

25 Sep 2024, 17:08

Type: CVSS
Values Removed: v2 : unknown, v3 : 8.2
Values Added: v2 : unknown, v3 : 7.5

Type: First Time
Values Added:
  • Siemens sicam A8000 Firmware
  • Trianglemicroworks iec 61850 Source Code Library
  • Siemens sitipe At
  • Siemens sicam A8000
  • Siemens sicam Egs Firmware
  • Siemens
  • Siemens sicam Scc
  • Siemens sicam Egs
  • Siemens sicam S8000
  • Siemens sicam Scc Firmware
  • Trianglemicroworks

Type: References
Values Removed: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new
Values Added: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new - Release Notes

Type: References
Values Removed: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16
Values Added: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16 - Third Party Advisory, US Government Resource

Type: CPE
Values Added:
  • cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*

19 Sep 2024, 15:35

Type: CWE
Values Added: CWE-120

Type: Summary
Values Added:
  • (es) Triangle Microworks TMW IEC 61850 Client source code libraries before version 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 8.2

18 Sep 2024, 19:15

Type: New CVE

Information

Published : 2024-09-18 19:15

Updated : 2024-09-25 17:08


NVD link : CVE-2024-34057

Mitre link : CVE-2024-34057

CVE.ORG link : CVE-2024-34057


Products Affected

siemens

  • sitipe_at
  • sicam_egs
  • sicam_a8000_firmware
  • sicam_scc
  • sicam_scc_firmware
  • sicam_a8000
  • sicam_s8000
  • sicam_egs_firmware

trianglemicroworks

  • iec_61850_source_code_library

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')