CVE-2024-36059
📋 TL;DR
A directory traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart allows attackers to read or write arbitrary files via the IEC61850 File Transfer protocol. This affects all versions up to and including 2.3.5. Organizations using this industrial control system software for substation automation are at risk.
💻 Affected Systems
- Kalkitech ASE ASE61850 IEDSmart
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to modify configuration files, install malware, steal sensitive operational data, or disrupt critical infrastructure operations.
Likely Case
Unauthorized file access leading to data theft, configuration manipulation, or denial of service through file deletion/modification.
If Mitigated
Limited impact if network segmentation prevents access to vulnerable systems and file permissions restrict damage.
🎯 Exploit Status
Directory traversal vulnerabilities typically have low exploitation complexity once the attack vector is identified
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.3.6 or later
Vendor Advisory: https://kalkitech.com/wp-content/uploads/2024/05/CYB_60704_Advisory_v1.0.pdf
Restart Required: Yes
Instructions:
1. Download version 2.3.6 or later from Kalkitech. 2. Backup current configuration. 3. Install the updated version. 4. Restart the ASE61850 IEDSmart service. 5. Verify functionality.
🔧 Temporary Workarounds
Network Segmentation
allIsolate ASE61850 systems from untrusted networks using firewalls
Protocol Restriction
allBlock or restrict IEC61850 File Transfer protocol at network boundaries
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with ASE61850 devices
- Deploy file integrity monitoring to detect unauthorized file changes
🔍 How to Verify
Check if Vulnerable:
Check ASE61850 IEDSmart version in application interface or configuration filesCheck Version:
Check application About dialog or configuration files for version informationVerify Fix Applied:
Confirm version is 2.3.6 or later and test file transfer functionality📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns via IEC61850 protocol
- Failed directory traversal attempts in application logs
Network Indicators:
- IEC61850 file transfer requests with directory traversal patterns (../ sequences)
SIEM Query:
source="ASE61850" AND (event="file_transfer" AND path="*../*")