The affected libraries have been patched.
Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.The affected libraries have been patched.
CVE-2023-38239
The affected libraries have been patched.
Finding the Vulnerability
An attacker could exploit this vulnerability by sending a specially crafted packet to the affected libraries.
Hardware requirements
The patch to these libraries requires an updated ICU (International Components for Unicode) package that is not available from the vendor. However, one can find a modified version of the patched ICU package on the Internet.
Timeline
Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/21/2022 16:51:00 UTC