ID

VAR-202409-0396


CVE

CVE-2024-34057


TITLE

Classic buffer overflow vulnerability in the Triangle MicroWorks IEC 61850 source code library and in products from multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2024-009065

DESCRIPTION

Triangle MicroWorks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. A classic buffer overflow vulnerability exists in the Triangle MicroWorks IEC 61850 source code library and in products from multiple vendors. Service operation may be interrupted (DoS). SICAM 8 Power automation platform is a universal, hardware- and software-based, all-in-one solution for all applications in the field of power supply. SICAM A8000 RTUs (Remote Terminal Units) are modular devices for remote control and automation applications in all areas of energy supply. SICAM EGS (Enhanced Grid Sensor) is a gateway for local substations in distribution networks. SICAM SCC is a process and visualization system for energy automation solutions. SITIPE AT (Automated Testing) is a computer-aided test system for integrating and simplifying functional test procedures for substation automation, remote control and protection panels manufactured by Siemens. A buffer overflow vulnerability exists in third-party components of Siemens SICAM and SITIPE products. An attacker can exploit this vulnerability to create a denial of service condition by sending a specially crafted MMS message.

Trust: 2.16

sources: NVD: CVE-2024-34057 // JVNDB: JVNDB-2024-009065 // CNVD: CNVD-2024-38012

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38012

AFFECTED PRODUCTS

vendor: siemens, model: sicam s8000, scope: lt, version: 05.30

Trust: 1.0

vendor: trianglemicroworks, model: iec 61850 source code library, scope: lt, version: 12.2.0

Trust: 1.0

vendor: siemens, model: sicam egs, scope: lt, version: 05.30

Trust: 1.0

vendor: siemens, model: sicam a8000, scope: lt, version: 05.30

Trust: 1.0

vendor: siemens, model: sitipe at, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: sicam scc, scope: lt, version: 10.0

Trust: 1.0

vendor: シーメンス, model: sicam s8000, scope: -, version: -

Trust: 0.8

vendor: triangle microworks, model: iec 61850 source code library, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sicam a8000, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sicam egs, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sicam scc, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sitipe at, scope: -, version: -

Trust: 0.8

vendor: siemens, model: eti5 ethernet int. 1x100tx iec61850, scope: lt, version: v05.30

Trust: 0.6

vendor: siemens, model: sicam scc, scope: lt, version: v10.0

Trust: 0.6

vendor: siemens, model: sitipe at, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-38012 // JVNDB: JVNDB-2024-009065 // NVD: CVE-2024-34057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-34057
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34057
value: HIGH

Trust: 1.0

NVD: CVE-2024-34057
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-38012
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-38012
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-34057
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-34057
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2024-34057
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38012 // JVNDB: JVNDB-2024-009065 // NVD: CVE-2024-34057 // NVD: CVE-2024-34057

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-009065 // NVD: CVE-2024-34057

PATCH

title: Patch for Buffer overflow vulnerability in third-party components of Siemens SICAM and SITIPE products
url: https://www.cnvd.org.cn/patchInfo/show/590341

Trust: 0.6

sources: CNVD: CNVD-2024-38012

EXTERNAL IDS

db: NVD, id: CVE-2024-34057

Trust: 3.2

db: ICS CERT, id: ICSA-24-256-16

Trust: 1.8

db: JVN, id: JVNVU90825867

Trust: 0.8

db: JVNDB, id: JVNDB-2024-009065

Trust: 0.8

db: SIEMENS, id: SSA-673996

Trust: 0.6

db: CNVD, id: CNVD-2024-38012

Trust: 0.6

sources: CNVD: CNVD-2024-38012 // JVNDB: JVNDB-2024-009065 // NVD: CVE-2024-34057

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16

Trust: 1.8

url: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

Trust: 1.8

url: https://jvn.jp/vu/jvnvu90825867/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-34057

Trust: 0.8

url: https://cert-portal.siemens.com/productcert/html/ssa-673996.html

Trust: 0.6

sources: CNVD: CNVD-2024-38012 // JVNDB: JVNDB-2024-009065 // NVD: CVE-2024-34057

SOURCES

db: CNVD, id: CNVD-2024-38012
db: JVNDB, id: JVNDB-2024-009065
db: NVD, id: CVE-2024-34057

LAST UPDATE DATE

2024-09-27T20:03:19.662000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-38012, date: 2024-09-12T00:00:00
db: JVNDB, id: JVNDB-2024-009065, date: 2024-09-26T01:12:00
db: NVD, id: CVE-2024-34057, date: 2024-09-25T17:08:16.017

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-38012, date: 2024-09-13T00:00:00
db: JVNDB, id: JVNDB-2024-009065, date: 2024-09-26T00:00:00
db: NVD, id: CVE-2024-34057, date: 2024-09-18T19:15:40.777