CVE-2022-2970 Information

Description

MZ Automation’s libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used which could allow an attacker to crash the device or remotely execute arbitrary code.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-251-01