CVE-2022-2988 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-2988 PUBLISHED CVSS 7.5 HIGH

The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier) and 60870-6 (ICCP/TASE.2) Library (Any client or server using a C++ language library with a version number of 4.4.3 or earlier) are vulnerable to access given to a small number of uninitialized pointers within their code. This could allow an attacker to target any client or server using the affected libraries to cause a denial-of-service condition.

EPSS 0.32% · 55.1th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.32%

55.1th percentile

Affected Products

Vendor	Product	Versions
Triangle Microworks	Library: IEC 61850	Any client or server using the C language library with a version number of 11.2.0 or earlier, Any client or server using the C++, C#, or Java language library with a version number of 5.0.1 or earlier
Triangle Microworks	Library: IEC 60870-6 (ICCP/Tase.2)	Any client or server using a C++ language library with a version number of 4.4.3 or earlier

Timeline

Jan 10, 2023 CVE Published
Jan 31, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score
Apr 20, 2023 EPSS Score
May 30, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Aug 17, 2023 EPSS Score
Sep 26, 2023 EPSS Score
Nov 4, 2023 EPSS Score
Dec 14, 2023 EPSS Score
Jan 22, 2024 EPSS Score

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-01 url

Open in Interactive Console →