CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.

Another vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 9a9e78932c3bc1d2764a5d8c83a0cf3c3b75ad3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213557.

Furthermore, another vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is a5c5b5e5d5a5a8d977b7003a3a5bd5d0c8f50e5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213558.

Furthermore

MZ Automation Libtiec-6018D:

Product and Affected Components
-CVE-2022-3976: An unknown vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 9a9e78932c3bc1d2764a5d8c83a0cf3c3b75ad3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213557.-
-CVE-2022-3977: An unknown vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/webui2xlcombo_filebrowser_spsystemviewer_spsystemviewerwizardcopyformactionshortcutspart1of2of2of2of2of2of2of2of2of2copypasteforwizardcopyformactionshortcutspart1of2of3ofthetwoformUploadSPSystemViewerPageSpecificationPageSpec

Timeline

Published on: 11/13/2022 14:15:00 UTC
Last modified on: 11/18/2022 21:05:00 UTC

References

• https://github.com/mz-automation/libiec61850
• https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f
• https://vuldb.com/?id.213556
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3976