This issue was discovered by Brandon Wilson of Rapid7 and reported to libIEC61850 maintainers on 15 October 2018. The libIEC61850 team released version 1.5.0 to address this issue on 7 November 2018.

libIEC61850 is used by over 400 different devices, many of which are internet-connected, such as smart TVs, home gateways, routers, and etc. To protect yourself against this vulnerability, libIEC61850 users are advised to upgrade to 1.5.0 or later as soon as possible. Internet-connected devices running libIEC61850 prior to 1.5.0 are vulnerable.
Affected Devices: libIEC61850 is used by over 400 different devices, many of which are internet-connected, such as smart TVs, home gateways, routers, and etc. To protect yourself against this vulnerability, libIEC61850 users are advised to upgrade to 1.5.0 or later as soon as possible. Internet-connected devices running libIEC61850 prior to 1.5.0 are vulnerable. Mitigations: Upgrade to 1.5.0 or later as soon as possible.

IEC 61850 Message Exchange Specification

Message Exchange Specification (MES) is a set of messages and their meanings that can be used to exchange data between devices, such as firewalls, routers, and other network devices. libIEC61850 is an implementation of MES for the Internet Protocol Suite that is used by over 400 different devices, many of which are internet-connected, such as smart TVs, home gateways, routers, and etc.
Some MES messages are defined in RFCs while others have been defined by vendors and organizations other than the IETF. In general the implementation of MES provides mechanisms needed to exchange information between systems in order to implement protocols needed at layer 3 or above.

CVE-2023-2973

This issue was discovered by Brandon Wilson of Rapid7 and reported to libIEC61850 maintainers on 1 November 2018.

libIEC61850 is used by over 400 different devices, many of which are internet-connected, such as smart TVs, home gateways, routers, and etc. To protect yourself against this vulnerability, libIEC61850 users are advised to upgrade to 1.5.0 or later as soon as possible. Internet-connected devices running libIEC61850 prior to 1.5.0 are vulnerable. Mitigations: Upgrade to 1.5.0 or later as soon as possible.
Affected Devices: libIEC61850 is used by over 400 different devices, many of which are internet-connected, such as smart TVs, home gateways, routers, and etc. To protect yourself against this vulnerability, libIEC61850 users are advised to upgrade to 1.5.0 or later as soon as possible. Internet-connected devices running libIEC61850 prior to 1.5.0 are vulnerable

What is libIEC61850? libIEC61850 is a software library that provides an interface to the international 6-18V electrical and data communication standards used by many devices such as home automation, routers, and etc.

Description of libIEC61850 libIEC61850 is a library that provides an interface to the 18B+C+D Programming Language Interface Standard. The next generation of libIEC61850 will be version 2.0.


The provider's name is "Libimobiledevice" and the affected version is "1.6-Alpha".

Timeline

Published on: 09/23/2022 16:15:00 UTC
Last modified on: 09/26/2022 22:42:00 UTC

References