Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal
Vulnerability Description
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Mz Automation Libiec61850 路径遍历漏洞
Vulnerability Description
Mz Automation Libiec61850是Mz Automation公司的一个IEC 61850协议的开源库。 Mz Automation Libiec61850 1.4及之前版本存在路径遍历漏洞,该漏洞源于MMS File Services组件的src/mms/iso_mms/client/mms_client_files.c文件中的未知代码受到影响,对参数文件名的操作会导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A