CVE-2024-45969
📋 TL;DR
A NULL pointer dereference vulnerability in MZ Automation's LibIEC61850 MMS Client allows a malicious MMS server to crash the client via a specially crafted InitiationResponse message, causing denial-of-service. This affects systems using vulnerable versions of the library for industrial communication protocols. Organizations using MZ Automation's IEC 61850 implementations in SCADA/energy systems are primarily impacted.
💻 Affected Systems
- MZ Automation LibIEC61850
- Products using LibIEC61850 library
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical industrial control systems become unavailable, disrupting power grid operations or industrial processes with potential safety implications.
Likely Case
MMS client applications crash, disrupting communication between devices in industrial networks until manual restart.
If Mitigated
With proper network segmentation and monitoring, impact is limited to isolated network segments with quick detection and recovery.
🎯 Exploit Status
Exploitation requires network access to the MMS client and the ability to send it crafted MMS messages. No authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 or later
Vendor Advisory: https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/
Restart Required: Yes
Instructions:
1. Update LibIEC61850 to commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 or later.
2. Recompile applications using the library.
3. Restart affected MMS client services.
🔧 Temporary Workarounds
Network Segmentation
Isolate MMS traffic to trusted servers only using firewalls or network ACLs
MMS Server Whitelisting
Configure MMS clients to only accept connections from authorized servers
🧯 If You Can't Patch
- Implement strict network segmentation to limit MMS traffic to trusted servers only
- Deploy network monitoring to detect anomalous MMS traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check the LibIEC61850 version or commit hash. If building from source, check whether the code lacks the NULL pointer check in mmsClient_parseInitiateResponse().
Check Version:
For source builds: git log --oneline | head -1. For binaries: check with vendor documentation.
Verify Fix Applied:
Confirm LibIEC61850 is at commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 or later, or verify NULL pointer check exists in mmsClient_parseInitiateResponse()
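The "commit ... or later" check above, as an added example that is not part of the original advisory or of the LibIEC61850 project: `git log --oneline | head -1` shows only the current HEAD, so this script asks git whether the fix commit is an ancestor of HEAD. The function name `check_fix` and its three result words are assumptions of this example; the commit hash is the one given in this advisory.

```shell
#!/bin/sh
# Added example: does a LibIEC61850 source checkout contain the fix commit?
# Usage (after sourcing this file): check_fix /path/to/libiec61850

FIX_COMMIT="7afa40390b26ad1f4cf93deaa0052fe7e357ef33"  # from the advisory

# check_fix REPO_DIR [FIX_COMMIT]   (hypothetical helper, not a project tool)
# Prints: patched | vulnerable | unknown
# Returns: 0 patched, 1 vulnerable, 2 unknown
check_fix() {
    repo=$1
    fix=${2:-$FIX_COMMIT}

    # Release tarball or vendored copy without git metadata:
    # ancestry cannot be checked, fall back to a source review.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo unknown
        return 2
    fi

    # The fix commit object is not in this clone (shallow clone, stale
    # clone that was never fetched, or a fork with rewritten history).
    # Fetch full upstream history and rerun before drawing a conclusion.
    if ! git -C "$repo" cat-file -e "${fix}^{commit}" 2>/dev/null; then
        echo unknown
        return 2
    fi

    # "Commit X or later" means X is HEAD itself or one of its ancestors.
    if git -C "$repo" merge-base --is-ancestor "$fix" HEAD 2>/dev/null; then
        echo patched
        return 0
    fi

    echo vulnerable
    return 1
}
```

A result of `unknown` or `vulnerable` on a fork that cherry-picked the fix under a different hash still needs the manual check for the NULL pointer check in mmsClient_parseInitiateResponse().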
📡 Detection & Monitoring
Log Indicators:
- MMS client crash logs
- Unexpected process termination of MMS applications
- Connection resets after InitiationResponse
Network Indicators:
- MMS InitiationResponse messages from untrusted sources
- Abnormal MMS packet patterns
SIEM Query:
Process termination events for MMS client applications OR network traffic containing MMS protocol with InitiationResponse messages