CRITICAL🇵🇱 Wersja polska

CVE-2024-45971

CVSS 9.8v3.1pub. 2024-11-15upd. 2025-10-01

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.

🤖 AI Analysis
How it works

The vulnerability results from lack of data length validation in the handling of MMS IdentifyResponse messages on the MMS client side. A malicious server can send a crafted IdentifyResponse containing data exceeding the stack buffer size, leading to a stack-based buffer overflow. The attack requires no authentication or user interaction — it is sufficient for the client to establish a connection with a malicious MMS server.

Impact

An attacker controlling an MMS server can execute arbitrary code (RCE) in the context of the client process, cause application failure, or gain full control over the system regarding confidentiality, integrity, and availability.

Mitigation & patch

Update the LibIEC61850 library to a version containing commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 or newer, available in the manufacturer's GitHub repository. Additionally, it is recommended to restrict MMS connections to trusted servers only and to segment industrial networks.

Who is affected

MZ Automation LibIEC61850 in all versions preceding commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mz Automation Libiec61850

    APP
    Mz-Automation
    < 1.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-45970CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w MMS Client biblioteki LibIEC61850 (MZ Automation)

CVE-2022-2972CRITICAL10.0ten sam produkt

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...

CVE-2022-2970CRITICAL10.0ten sam produkt

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fb...

CVE-2018-19185CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetStrin...

CVE-2018-18957CRITICAL9.8ten sam produkt

An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goos...