CVE-2021-45769

7.5 HIGH

📋 TL;DR

A NULL pointer dereference in the AcseConnection_parseMessage function of libiec61850 v1.5.0 lets an attacker who can deliver a malformed ACSE message to the service crash the process, causing a denial of service. Systems using this library for IEC 61850 communication in industrial control and energy management applications are affected; the crash is triggered while the malformed ACSE message is being parsed.

💻 Affected Systems

Products:
  • libiec61850
Versions: Version 1.5.0 specifically
Operating Systems: All platforms running libiec61850
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using libiec61850 v1.5.0 for IEC 61850 communication is vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of industrial control systems or energy management applications, potentially causing operational downtime in critical infrastructure.

🟠 Likely Case

Application crash leading to denial of service, requiring manual restart of affected services.

🟢 If Mitigated

Limited impact with proper segmentation and monitoring; crashes would be contained to non-critical systems.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires specific IEC 61850 protocol access, internet-exposed systems could be targeted by sophisticated attackers.
🏢 Internal Only: HIGH - Internal systems in industrial networks are primary targets due to the prevalence of IEC 61850 in critical infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue contains technical details that could be used to craft an exploit. The vulnerability requires sending malformed ACSE messages to the vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.5.1 or later

Vendor Advisory: https://github.com/mz-automation/libiec61850/issues/368

Restart Required: Yes

Instructions:

1. Download libiec61850 v1.5.1 or later from the official repository.
2. Replace the vulnerable version with the patched version.
3. Recompile any applications using the library.
4. Restart affected services.

🔧 Temporary Workarounds

Network Segmentation (all platforms): Isolate systems using libiec61850 from untrusted networks.

Input Validation (all platforms): Implement additional message validation before passing data to libiec61850.

🧯 If You Can't Patch

  • Implement strict network access controls to limit communication to trusted IEC 61850 clients only
  • Deploy monitoring to detect abnormal ACSE message patterns and restart services automatically on crash

🔍 How to Verify

Check if Vulnerable:

Check whether libiec61850 version 1.5.0 is installed: run ldd /path/to/application | grep libiec61850 to confirm the application links the library, then check the installed version with your package manager.

Check Version:

strings /usr/lib/libiec61850.so | grep 'libiec61850' | head -1

Verify Fix Applied:

Verify that the installed libiec61850 version is 1.5.1 or later: dpkg -l | grep libiec61850, or the equivalent command for your package manager.
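As an added example (not part of this advisory and not code from the libiec61850 project), a POSIX shell helper that turns the manual version check above into something scriptable: it extracts the version column from a dpkg -l line and classifies it against the affected release (1.5.0) and the fixed release (1.5.1 or later). The dpkg line is constructed sample output and the package name is assumed.

```shell
#!/bin/sh
# Classify a libiec61850 version for CVE-2021-45769:
#   "vulnerable"  -> exactly 1.5.0, the release named in the advisory
#   "fixed"       -> 1.5.1 or later
#   "not-listed"  -> older than 1.5.0 (not named as affected by the advisory)
#   "unknown"     -> not a dotted numeric version string
FIXED_VERSION="1.5.1"

# Strip a Debian epoch ("1:1.5.0") and revision ("1.5.0-2") so only the
# upstream version remains.
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-.*$//'
}

# Return 0 when dotted version $1 >= $2, comparing component by component.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0;
            if (xi > yi) exit 0;
            if (xi < yi) exit 1;
        }
        exit 0
    }'
}

classify_version() {
    v=$(normalize_version "$1")
    case "$v" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if [ "$v" = "1.5.0" ]; then
        echo "vulnerable"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "not-listed"
    fi
}

# Pull the version column (field 3) out of a "dpkg -l" line whose package
# name starts with libiec61850.  Package name is an assumption.
version_from_dpkg_line() {
    printf '%s\n' "$1" | awk '$2 ~ /^libiec61850/ { print $3; exit }'
}

# Constructed sample line, not captured from a real host.
SAMPLE_DPKG_LINE='ii  libiec61850  1.5.0-1  amd64  IEC 61850 MMS/GOOSE library'
```

Usage: classify_version "$(version_from_dpkg_line "$SAMPLE_DPKG_LINE")" prints vulnerable; feed it the real dpkg -l line on the host you are checking.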

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • Unexpected service restarts
  • ACSE parsing errors

Network Indicators:

  • Malformed ACSE packets to port 102 (MMS) or other IEC 61850 ports
  • Unusual traffic patterns to industrial protocol ports

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "null pointer" OR "acse.c")

🔗 References
