var-202409-0396
Vulnerability from variot
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. Triangle MicroWorks of iec 61850 source code library Classic buffer overflow vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. SICAM 8 Power automation platform is a universal, hardware- and software-based, all-in-one solution for all applications in the field of power supply. SICAM A8000 RTUs (Remote Terminal Units) are modular devices for remote control and automation applications in all areas of energy supply. SICAM EGS (Enhanced Grid Sensor) is a gateway for local substations in distribution networks. SICAM SCC is a process and visualization system for energy automation solutions. SITIPE AT (Automated Testing) is a computer-aided test system for integrating and simplifying functional test procedures for substation automation, remote control and protection panels manufactured by Siemens.
A buffer overflow vulnerability exists in third-party components of Siemens SICAM and SITIPE products. An attacker can exploit this vulnerability to create a denial of service condition by sending a specially crafted MMS message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-0396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam s8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.30"
},
{
"model": "iec 61850 source code library",
"scope": "lt",
"trust": 1.0,
"vendor": "trianglemicroworks",
"version": "12.2.0"
},
{
"model": "sicam egs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.30"
},
{
"model": "sicam a8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.30"
},
{
"model": "sitipe at",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sicam scc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "sicam s8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "iec 61850 source code library",
"scope": null,
"trust": 0.8,
"vendor": "triangle microworks",
"version": null
},
{
"model": "sicam a8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam egs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam scc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sitipe at",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "eti5 ethernet int. 1x100tx iec61850",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v05.30"
},
{
"model": "sicam scc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v10.0"
},
{
"model": "sitipe at",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"cve": "CVE-2024-34057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38012",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34057",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-34057",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-34057",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-34057",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-34057",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-34057",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38012",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. Triangle MicroWorks of iec 61850 source code library Classic buffer overflow vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. SICAM 8 Power automation platform is a universal, hardware- and software-based, all-in-one solution for all applications in the field of power supply. SICAM A8000 RTUs (Remote Terminal Units) are modular devices for remote control and automation applications in all areas of energy supply. SICAM EGS (Enhanced Grid Sensor) is a gateway for local substations in distribution networks. SICAM SCC is a process and visualization system for energy automation solutions. SITIPE AT (Automated Testing) is a computer-aided test system for integrating and simplifying functional test procedures for substation automation, remote control and protection panels manufactured by Siemens. \n\nA buffer overflow vulnerability exists in third-party components of Siemens SICAM and SITIPE products. An attacker can exploit this vulnerability to create a denial of service condition by sending a specially crafted MMS message",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-34057"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "CNVD",
"id": "CNVD-2024-38012"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-34057",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-256-16",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90825867",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-673996",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2024-38012",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"id": "VAR-202409-0396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
}
],
"trust": 1.1971093
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
}
]
},
"last_update_date": "2024-09-27T20:03:19.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Buffer overflow vulnerability in third-party components of Siemens SICAM and SITIPE products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/590341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16"
},
{
"trust": 1.8,
"url": "https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90825867/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-34057"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"date": "2024-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"date": "2024-09-18T19:15:40.777000",
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38012"
},
{
"date": "2024-09-26T01:12:00",
"db": "JVNDB",
"id": "JVNDB-2024-009065"
},
{
"date": "2024-09-25T17:08:16.017000",
"db": "NVD",
"id": "CVE-2024-34057"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Triangle\u00a0MicroWorks\u00a0 of \u00a0iec\u00a061850\u00a0source\u00a0code\u00a0library\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009065"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.