CVE-2022-3976

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3976
Published
2022-11-13T14:15:10Z
Modified
2025-10-21T07:08:45.599416Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. It affects unknown code in the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. Manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 addresses this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556.

References

Affected packages

Git / github.com/mz-automation/libiec61850

Affected ranges

Type
GIT
Repo
https://github.com/mz-automation/libiec61850
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
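Fixed
[none recorded] No fixed commit is listed for this range, so the version list below also enumerates v1.5.0 and v1.5.1. The Details text names version 1.5 and commit 10622ba36bb3910c151348f1569f039ecdd8786f as the fix, so confirm that commit is present in the deployed source rather than relying on the version list alone.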

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.4.0
v1.4.1
v1.4.2
v1.4.2.1
v1.5.0
v1.5.1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-12ce5ad1",
        "digest": {
            "function_hash": "220168528364961616577742169346594685633",
            "length": 3127.0
        },
        "target": {
            "function": "mmsServer_handleObtainFileRequest",
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-15ec8953",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "140719808659767843146279232704180978741",
                "53458575049793877608361521384763333270",
                "87979454616608268597675365121043185984",
                "55816824453777608157420347796588591725",
                "273088376172010382471209048210557713962",
                "165805141340672720989833409762255184081",
                "161149221575513148414487335375643796610",
                "5446015152398187109602408195850215421",
                "24685279666081754327226081722797523644",
                "316633133207587250185992563671246708426",
                "148213378201347753876712205536060696025",
                "322328492251177146622569086079340188853",
                "187026788376214441054661842347104673180",
                "137832749229578068099966348746767164314",
                "249237235901664365868343470718497404018",
                "43091692302596405030011237118442783658",
                "226183500424070675983712518442890514278",
                "293089109730880681159455672819132282458",
                "215334597246882058032136600864339313118",
                "194970859733327222803809377199470964518",
                "135275161631059363929004914556597183252",
                "288555908632629094026097495687701890668",
                "330839548494386176158935900909413872937",
                "191805962171823240384528173515879299763",
                "79341798605673888826159739989901084394",
                "220095333102465326483884603347010033051",
                "267909783440874247632437162025633713230",
                "266366977731117959977226696949302765933"
            ]
        },
        "target": {
            "file": "src/mms/iso_mms/client/mms_client_files.c"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-1f43b18a",
        "digest": {
            "function_hash": "162115703815135026413522969739345308385",
            "length": 1460.0
        },
        "target": {
            "function": "mmsServer_handleFileDeleteRequest",
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-25a6b6db",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "229358991666389058954830719656125670740",
                "147212652352324340210762946669751203805",
                "299531989231149053797323255909641322396",
                "80673827942394153471545336781346018836",
                "286762767805854357410798255173649829042",
                "221536359726700055605792780283429788364",
                "51662105790354614603966864700101424074",
                "5082633361570790104478820905111652921",
                "233666192294952239679839272431655104753",
                "241641415370620945572654988289597753599",
                "326943843315876809007156177839829793947",
                "273429305434197865891357598204211614776",
                "67236736834845401426654326194984856738",
                "308106787509207122804901594011828458187",
                "6601602505727453601956790726057542498",
                "318321880670741254436947611273978793731",
                "195123742202636472447879587092889484376",
                "91874448640856872642835586958135645311"
            ]
        },
        "target": {
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-79a9dcb1",
        "digest": {
            "function_hash": "38197448869572418463129693898794271316",
            "length": 1233.0
        },
        "target": {
            "function": "createFileDirectoryResponse",
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-7f0a47d6",
        "digest": {
            "function_hash": "2271010013147768251710908041264792739",
            "length": 1541.0
        },
        "target": {
            "function": "mmsServer_handleFileRenameRequest",
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-9000e05b",
        "digest": {
            "function_hash": "194769728266570537677738207756149215595",
            "length": 1581.0
        },
        "target": {
            "function": "mmsServer_handleFileOpenRequest",
            "file": "src/mms/iso_mms/server/mms_file_service.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-9bded309",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "119386288191749030430666379288261375351",
                "188581953362773416777316970779401284947",
                "272264184007048375129626428044990583278"
            ]
        },
        "target": {
            "file": "src/mms/inc_private/mms_common_internal.h"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-abaecd82",
        "digest": {
            "function_hash": "100441096859939978190827245877250806915",
            "length": 794.0
        },
        "target": {
            "function": "mmsMsg_parseFileName",
            "file": "src/mms/iso_mms/common/mms_common_msg.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-d76a44c2",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108884549358632811717921135091764864429",
                "211634442277622735553412454101757755588",
                "5154128558624870380717173656875471681",
                "56829703115176708901121380892372287389",
                "126759108595578118946961972021913401879",
                "144466995982535924664252223741287911632",
                "100610365172104561464091872389485472892"
            ]
        },
        "target": {
            "file": "src/mms/iso_mms/common/mms_common_msg.c"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/mz-automation/libiec61850/commit/10622ba36bb3910c151348f1569f039ecdd8786f",
        "id": "CVE-2022-3976-e206f01d",
        "digest": {
            "function_hash": "120828112650938684460814195379241895680",
            "length": 1554.0
        },
        "target": {
            "function": "mmsClient_handleFileOpenRequest",
            "file": "src/mms/iso_mms/client/mms_client_files.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]