CVE-2024-45970

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 15, 2024
CWE ID 120

Summary

CVE-2024-45970 is a newly disclosed vulnerability affecting the MMS Client in MZ Automation LibIEC61850. Malicious servers can exploit multiple buffer overflows in this component, located before the commit ac925fae8e281ac6defcd630e9dd756264e9c5bc. By sending a specially crafted MMS FileDirResponse message, attackers can cause a stack-based buffer overflow, potentially leading to arbitrary code execution or a denial-of-service condition. This vulnerability poses a significant risk for industrial control systems that utilize MZ Automation LibIEC61850 and should be addressed promptly by implementing available patches or workarounds.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share