CVE-2024-34057

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.
Configurations

Configuration 1

cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*

Configuration 5

OR
cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*

History

25 Sep 2024, 17:08

Type Values Removed Values Added
CWE
  Added: CWE-120
First Time
  Added:
  • Siemens sicam Scc
  • Trianglemicroworks
  • Siemens sicam A8000
  • Siemens sicam Egs Firmware
  • Siemens sicam Scc Firmware
  • Siemens sitipe At
  • Siemens sicam S8000
  • Siemens sicam A8000 Firmware
  • Trianglemicroworks iec 61850 Source Code Library
  • Siemens
  • Siemens sicam Egs
CPE
  Added:
  • cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 7.5
References
  Removed: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new
  Added: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new - Release Notes
References
  Removed: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16
  Added: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16 - Third Party Advisory, US Government Resource

18 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-18 19:15

Updated : 2024-09-25 17:08


NVD link : CVE-2024-34057

Mitre link : CVE-2024-34057


Products Affected

trianglemicroworks

  • iec_61850_source_code_library

siemens

  • sicam_scc
  • sicam_egs_firmware
  • sicam_a8000
  • sitipe_at
  • sicam_scc_firmware
  • sicam_egs
  • sicam_a8000_firmware
  • sicam_s8000
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')