CVE-2026-51219
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A heap buffer overflow vulnerability has been discovered in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 versions 2.3.3 through 2.3.6. An attacker can exploit this to cause a Denial of Service (DoS) by sending a crafted payload.
Risk Assessment
The risk involves potential remote disruption of systems using lib60870, which may lead to service outages in critical environments, especially in industrial automation settings.
Recommendation
Immediately update lib60870 to a version later than 2.3.6 that includes the fix. Additionally, restrict network access to systems using this library to trusted networks only.
Original NVD description (English source)
A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

