ENCS recently identified three significant vulnerabilities in the MMS Client of the MZ Automation LibIEC61850 library prior to version 1.6.0. The vulnerabilities were discovered by ENCS testers Humza Ahmad and Albert Spruyt. They expose systems using this client to potentially severe risks, including Denial of Service (DoS) and unauthorized code execution. Each vulnerability can be exploited remotely, allowing a malicious server to impact critical infrastructure that relies on secure communication protocols.
The first vulnerability, tracked as CVE-2024-45969, stems from a NULL pointer dereference issue in the MMS Client. This flaw allows a malicious server to send a crafted MMS InitiationResponse message, causing the client to crash and resulting in a Denial of Service.
The second and third vulnerabilities, CVE-2024-45970 and CVE-2024-45971, are both buffer overflows within the MMS Client's parsing functions. They are triggered when the MMS Client receives malformed FileDirResponse and IdentifyResponse messages from a malicious server. The buffer overflows cause memory allocation issues, allowing attackers to execute arbitrary code and potentially access confidential data.
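The two bug classes described above (a NULL pointer dereference on an unexpected InitiationResponse, and buffer overflows while parsing FileDirResponse and IdentifyResponse) share a root pattern: a decoder that trusts the presence and the length of elements supplied by the remote server. The following C example is added here to illustrate the defensive checks a client-side decoder needs; it is not libiec61850's code. It uses a constructed, simplified one-byte tag/one-byte length encoding as a stand-in for the library's real BER parser, and every name in it (ParsedName, NAME_CAPACITY, find_element, parse_required_name, the sample messages) is an assumption made for the example. A malformed response is rejected with an error code rather than dereferencing a NULL lookup result or writing past a fixed-size field.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size field a response element would be decoded into.
   Constructed for this example; not libiec61850's own data structure. */
#define NAME_CAPACITY 32

typedef struct {
    char   name[NAME_CAPACITY];
    size_t nameLen;
} ParsedName;

enum { PARSE_OK = 0, PARSE_MISSING = -1, PARSE_TOO_LONG = -2 };

/* Walk a simplified sequence of tag/length/value elements (one-byte tag,
   one-byte length; a constructed stand-in for the real BER encoding) and
   return a pointer to the value of the first element carrying `tag`.
   Returns NULL when the element is absent or when any element claims more
   bytes than were actually received, so the caller is never led past bufLen. */
static const uint8_t *find_element(const uint8_t *buf, size_t bufLen,
                                   uint8_t tag, size_t *valLen)
{
    size_t pos = 0;
    while (pos + 2 <= bufLen) {
        uint8_t t = buf[pos];
        size_t  l = buf[pos + 1];
        if (l > bufLen - pos - 2)
            return NULL;                 /* peer-supplied length exceeds the data */
        if (t == tag) {
            *valLen = l;
            return buf + pos + 2;
        }
        pos += 2 + l;
    }
    return NULL;
}

/* Copy a mandatory text element into a fixed-size field.
   The two checks here are the ones whose absence produces the bug classes in
   the advisory: a NULL lookup result is reported instead of dereferenced, and
   the peer-supplied length is compared against the destination before memcpy. */
int parse_required_name(const uint8_t *msg, size_t msgLen,
                        uint8_t tag, ParsedName *out)
{
    size_t len = 0;
    const uint8_t *val = find_element(msg, msgLen, tag, &len);
    if (val == NULL)
        return PARSE_MISSING;            /* element absent or message truncated */
    if (len >= NAME_CAPACITY)
        return PARSE_TOO_LONG;           /* would overflow name[]; keep room for NUL */
    memcpy(out->name, val, len);
    out->name[len] = '\0';
    out->nameLen = len;
    return PARSE_OK;
}

/* Constructed sample messages; tag 0x80 is the element the caller requires. */
static const uint8_t kWellFormed[] = { 0x80, 0x05, 'R', 'T', 'U', '0', '1' };
static const uint8_t kWrongTag[]   = { 0x81, 0x02, 'x', 'y' };
static const uint8_t kTruncated[]  = { 0x80, 0x10, 'A', 'B' };  /* claims 16 bytes, carries 2 */

int example_well_formed(ParsedName *out)
{ return parse_required_name(kWellFormed, sizeof kWellFormed, 0x80, out); }

int example_wrong_tag(ParsedName *out)
{ return parse_required_name(kWrongTag, sizeof kWrongTag, 0x80, out); }

int example_truncated(ParsedName *out)
{ return parse_required_name(kTruncated, sizeof kTruncated, 0x80, out); }

/* A length field larger than the destination: 64 bytes offered to a 32-byte field. */
int example_oversized(ParsedName *out)
{
    uint8_t msg[2 + 64];
    msg[0] = 0x80;
    msg[1] = 64;
    memset(msg + 2, 'A', 64);
    return parse_required_name(msg, sizeof msg, 0x80, out);
}

int main(void)
{
    ParsedName n;
    printf("well-formed: %d (%s)\n", example_well_formed(&n), n.name);
    printf("wrong tag:   %d\n", example_wrong_tag(&n));
    printf("truncated:   %d\n", example_truncated(&n));
    printf("oversized:   %d\n", example_oversized(&n));
    return 0;
}
```

The well-formed message decodes to "RTU01"; the other three are rejected before any memory is touched. A real MMS decoder has many more element types and nested sequences, but each of them needs the same two checks: the remaining-bytes check inside the walker and the destination-capacity check before the copy.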
As of the publication of these CVEs, MZ Automation has acknowledged each of the vulnerabilities and issued patches for them; since the affected versions are those prior to 1.6.0, systems using the MMS Client should be updated to version 1.6.0 or later. These findings underscore the importance of rigorous cybersecurity practices and prompt patching to protect critical infrastructure from evolving cyber threats.
For more information, the CVEs can be accessed in the MITRE CVE Database: CVE-2024-45969, CVE-2024-45970 and CVE-2024-45971.