CVE-2020-18731 – A NULL pointer dereference vulnerability in IEC... (How to Fix)

Q: What is the severity of CVE-2020-18731?

CVE-2020-18731 has a CVSS score of 7.5 (HIGH). A NULL pointer dereference vulnerability in IEC104 v1.0 allows attackers to cause a denial of service via segmentation violation. This affects systems using the IEC 60870-5-104 protocol implementation for industrial control systems. Attackers can crash the service by sending specially crafted packets.

📋 TL;DR

A NULL pointer dereference vulnerability in IEC104 v1.0 allows attackers to cause a denial of service via segmentation violation. This affects systems using the IEC 60870-5-104 protocol implementation for industrial control systems. Attackers can crash the service by sending specially crafted packets.

💻 Affected Systems

Products:

IEC104 protocol implementation v1.0

Versions: v1.0

Operating Systems: All platforms running IEC104 v1.0

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific IEC104 implementation referenced in the CVE. Other IEC104 implementations may not be vulnerable.

📦 What is this software?

Iec104 by Iec104 Project

View all CVEs affecting Iec104 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of IEC104 protocol communication, potentially affecting industrial control system operations and causing downtime in critical infrastructure.

🟠

Likely Case

Service crash requiring manual restart, disrupting IEC104 communication until service is restored.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; service can be quickly restored if automated.

🌐 Internet-Facing: MEDIUM - While industrial systems shouldn't be internet-facing, misconfigurations could expose them. Exploitation requires network access.

🏢 Internal Only: HIGH - Industrial control networks often have flat architectures, allowing lateral movement once inside.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple packet manipulation can trigger the NULL pointer dereference. Public GitHub issue shows exploitation details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Check if using IEC104 v1.0 implementation. 2. Monitor GitHub repository for patches. 3. Consider alternative implementations if available. 4. Apply workarounds immediately.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate IEC104 systems from untrusted networks using firewalls and VLANs.

Traffic Filtering

all

Implement network filtering to block malformed IEC104 packets at perimeter.

🧯 If You Can't Patch

Implement strict network access controls to limit who can communicate with IEC104 systems.
Deploy intrusion detection systems monitoring for IEC104 protocol anomalies and DoS attempts.

🔍 How to Verify

Check if Vulnerable:

Check if using IEC104 v1.0 implementation from the affected repository. Review system logs for segmentation faults related to IEC104 service.

Check Version:

Check application version or repository source to confirm IEC104 v1.0 usage.

Verify Fix Applied:

Monitor for absence of segmentation faults in IEC104 service logs after implementing controls.

📡 Detection & Monitoring

Log Indicators:

Segmentation fault errors in IEC104 service logs
Service crash/restart events
Abnormal termination of IEC104 process

Network Indicators:

Malformed IEC104 packets
Unexpected traffic spikes to IEC104 port (typically 2404)
Protocol violations in IEC104 communication

SIEM Query:

source="iec104.log" AND ("segmentation fault" OR "SIGSEGV" OR "crash")

📊 Metadata

CVE ID: CVE-2020-18731

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: August 23, 2021

Last Updated: November 21, 2024

🔗 References

https://cwe.mitre.org/data/definitions/476.html Third Party Advisory
https://github.com/airpig2011/IEC104/issues/5 Exploit,Third Party Advisory
https://cwe.mitre.org/data/definitions/476.html Third Party Advisory
https://github.com/airpig2011/IEC104/issues/5 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-18731, you might also want to check these: