CVE-2024-34057

7.5 HIGH

📋 TL;DR

Triangle Microworks IEC 61850 Client libraries before version 12.2.0 have a buffer overflow vulnerability due to missing size checks when processing messages. This can cause denial of service crashes in systems using these libraries. Industrial control systems and energy management systems using these libraries are affected.

💻 Affected Systems

Products:
  • Triangle Microworks IEC 61850 Client source code libraries
Versions: All versions before 12.2.0
Operating Systems: Any OS using the affected libraries
Default Config Vulnerable: ⚠️ Yes
Notes: Any application built with vulnerable library versions is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash leading to prolonged denial of service in critical infrastructure systems, potentially disrupting power grid operations or industrial processes.

🟠 Likely Case: Service disruption through application crashes requiring manual restart, causing temporary operational impact in affected systems.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring, potentially causing isolated service restarts without cascading failures.

🌐 Internet-Facing: MEDIUM - While industrial protocols are typically not internet-exposed, misconfigured systems or VPN-connected devices could be vulnerable.
🏢 Internal Only: HIGH - Industrial control networks often have interconnected systems where this vulnerability could propagate through legitimate protocol communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow exploitation requires sending specially crafted IEC 61850 messages to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.2.0

Vendor Advisory: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new

Restart Required: Yes

Instructions:

1. Obtain updated library version 12.2.0 from Triangle Microworks.
2. Recompile all applications using the affected libraries.
3. Deploy updated applications to production systems.
4. Restart affected services.

🔧 Temporary Workarounds

Network Segmentation (all platforms): Isolate IEC 61850 traffic to trusted networks only

Message Filtering (all platforms): Implement network monitoring to detect and block malformed IEC 61850 messages

🧯 If You Can't Patch

  • Implement strict network access controls to limit IEC 61850 traffic to authorized sources only
  • Deploy intrusion detection systems monitoring for abnormal IEC 61850 message patterns

🔍 How to Verify

Check if Vulnerable:

Check library version in application build configuration or contact application vendor for version information

Check Version:

Application-specific; consult vendor documentation for version verification

Verify Fix Applied:

Verify application is built with library version 12.2.0 or later

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Memory access violation errors
  • Unexpected service restarts

Network Indicators:

  • Unusually large IEC 61850 messages
  • Multiple connection attempts with malformed packets
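
The network indicators above can be checked against reassembled traffic. The following is an added example, not code from the vendor or from this page; it assumes the client/server traffic is MMS carried in RFC 1006 TPKT frames on TCP port 102, and the 2048-byte baseline and all function names are hypothetical. It flags the listed indicators only and is not a signature for this CVE.

```python
import struct

TPKT_HDR = struct.Struct(">BBH")   # version, reserved, total length (RFC 1006)
MAX_EXPECTED_LEN = 2048            # assumed site baseline; tune from real captures

def scan_tpkt_stream(stream: bytes, max_expected: int = MAX_EXPECTED_LEN):
    """Walk one direction of a reassembled TCP/102 stream.

    Returns a list of (offset, reason) findings; an empty list means every
    frame parsed cleanly and stayed within the baseline.
    """
    findings, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < TPKT_HDR.size:
            findings.append((offset, "truncated header"))
            break
        version, reserved, length = TPKT_HDR.unpack_from(stream, offset)
        if version != 3 or reserved != 0:
            findings.append((offset, "bad version/reserved byte"))
            break                      # framing lost, stop rather than guess
        if length < TPKT_HDR.size:
            findings.append((offset, "length smaller than header"))
            break                      # would never advance past this frame
        if length > max_expected:
            findings.append((offset, f"oversized frame ({length} bytes)"))
        if offset + length > len(stream):
            findings.append((offset, "length exceeds captured data"))
            break
        offset += length
    return findings

def make_frame(payload: bytes) -> bytes:
    """Build a well-formed TPKT frame around payload (used for the samples)."""
    return TPKT_HDR.pack(3, 0, TPKT_HDR.size + len(payload)) + payload

# Constructed sample streams (not real captures).
NORMAL = make_frame(b"\x02\xf0\x80" + bytes(20))       # 27-byte frame
OVERSIZED = NORMAL + make_frame(bytes(4000))           # second frame is 4004 bytes
SHORT_LEN = NORMAL + b"\x03\x00\x00\x02"               # declares 2-byte total length
CUT_OFF = NORMAL + b"\x03\x00\x00\x40" + bytes(8)      # declares 64, carries 12

if __name__ == "__main__":
    for name in ("NORMAL", "OVERSIZED", "SHORT_LEN", "CUT_OFF"):
        print(name, scan_tpkt_stream(globals()[name]))
```

A "length exceeds captured data" finding can also mean the capture ended mid-frame, so treat it as a reason to inspect the session rather than as an alert on its own.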

SIEM Query:

source="*iec61850*" AND (event_type="crash" OR event_type="access_violation")
