CVE-2024-46602

7.5 HIGH

📋 TL;DR

An XML External Entity (XXE) vulnerability in Elspec G5 digital fault recorder versions 1.2.1.12 and earlier allows attackers to cause Denial of Service (DoS) via crafted XML payloads. This affects organizations using these devices for power system monitoring and protection. The vulnerability stems from improper XML parsing that doesn't restrict external entity references.

💻 Affected Systems

Products:
  • Elspec G5 digital fault recorder
Versions: 1.2.1.12 and earlier
Operating Systems: Embedded/Proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in XML parsing functionality; exact attack vector depends on which interfaces accept XML input.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system unavailability of the fault recorder, potentially disrupting power system monitoring and protection functions during critical events.

🟠

Likely Case

Temporary service disruption requiring manual restart of the device, causing gaps in fault recording and analysis.

🟢

If Mitigated

No impact if XML parsing is properly restricted or if vulnerable interfaces are not exposed.

🌐 Internet-Facing: MEDIUM - Risk depends on network exposure; if web interfaces are internet-accessible, exploitation is feasible.
🏢 Internal Only: HIGH - Industrial control systems often have less security monitoring, making internal exploitation more likely.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send XML payloads to vulnerable interfaces; specific attack vectors not detailed in advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.2.1.12

Vendor Advisory: https://www.elspec-ltd.com/support/security-advisories

Restart Required: No

Instructions:

1. Contact Elspec support for patching instructions.
2. Apply firmware update to version after 1.2.1.12.
3. Verify XML parsing now restricts external entities.

🔧 Temporary Workarounds

Network Segmentation

Isolate Elspec G5 devices from untrusted networks and restrict XML input sources.

Input Validation

Implement XML schema validation and reject documents with external entity declarations.
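
One way to apply the rejection rule on a filtering host in front of the device, as an added example (not Elspec code; the function name, size limit and sample documents are assumptions). It goes further than external entities and refuses any DTD, reporting which construct triggered the rejection so the reason can be logged.

```python
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Document carries a DTD construct this filter refuses."""


def screen_xml(data: bytes, max_bytes: int = 1_000_000):
    """Return (accepted, reason) for one XML document; nothing is resolved or fetched."""
    if len(data) > max_bytes:  # assumed limit, tune per interface
        return False, "document too large"

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            raise ForbiddenXML("external DTD subset")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id else "internal"
        raise ForbiddenXML(f"{kind} entity declaration '{name}'")

    def on_doctype_end():
        # Assumed policy: a DTD without entities is refused as well.
        raise ForbiddenXML("DOCTYPE declaration")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = on_doctype_end
    try:
        parser.Parse(data, True)  # exceptions raised in handlers propagate
    except ForbiddenXML as exc:
        return False, str(exc)
    except expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    return True, "ok"


# Constructed samples (not captured traffic, not the device's real format).
SAMPLES = {
    "plain": b"<record><v>1</v></record>",
    "external_entity": b'<!DOCTYPE r [<!ENTITY e SYSTEM "http://example.invalid/x">]><r>&e;</r>',
    "internal_entity": b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>',
    "external_dtd": b'<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>',
    "malformed": b"<r><open></r>",
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, screen_xml(doc))
```

Rejected documents and their reasons are worth forwarding to the SIEM, since they match the XML-error indicators listed under Detection & Monitoring.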

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with the device
  • Deploy intrusion detection systems to monitor for XML-based attack patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console; if version is 1.2.1.12 or earlier, device is vulnerable.

Check Version:

Check via device web interface or use manufacturer's diagnostic tools

Verify Fix Applied:

After patching, verify version is above 1.2.1.12 and test XML parsing with safe payloads containing entity declarations.

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML parsing errors
  • System restart events following XML input
  • Memory exhaustion warnings

Network Indicators:

  • Unusual XML traffic to device ports
  • Repeated connection attempts with malformed XML

SIEM Query:

source="elspec_g5" AND (event_type="xml_error" OR event_type="system_restart")
