Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.
The vulnerability results from improper handling of MMS FileDirResponse messages by the MMS client in the LibIEC61850 library (CWE-120 — classic buffer overflow). A malicious server can send a specially crafted FileDirResponse that causes a stack buffer overflow on the client side. Due to the lack of input size validation, it is possible to overwrite stack memory, which can lead to taking control of the program's execution flow.
An attacker controlling an MMS server can trigger arbitrary code execution (RCE) on the client device, gain full control over the system, or destabilize it (DoS). Confidentiality, integrity, and availability of the system are potentially compromised to the highest degree.
The LibIEC61850 library must be updated to a version containing commit ac925fae8e281ac6defcd630e9dd756264e9c5bc or later. Details are available in the project's GitHub repository and in the ENCS statement. Until the update is applied, it is recommended to restrict network access to components using the MMS client library and to implement OT/ICS network segmentation.
MZ Automation LibIEC61850 in all versions preceding commit ac925fae8e281ac6defcd630e9dd756264e9c5bc
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMz Automation Libiec61850
APPMz-Automation< 1.6.0
Related vulnerabilities
Buffer overflow w MMS Client biblioteki LibIEC61850 — zdalne przejęcie kontroli
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetStrin...
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...