CVE-2024-36702 identifies a heap overflow vulnerability in libiec61850 version 1.5, a widely used open-source library implementing the IEC 61850 standard for communication in electrical substation automation systems. The flaw exists in the BerEncoder_encodeLength function located in the asn1/ber_encoder.c source file, where improper handling of length encoding in BER (Basic Encoding Rules) ASN.1 data structures leads to a heap overflow condition (CWE-122). This vulnerability arises when the function processes crafted input data that causes it to write beyond the allocated heap buffer, potentially corrupting memory. The CVSS v3.1 base score is 7.4 (high), reflecting that exploitation requires local access (AV:L), high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). The impact scope is unchanged (S:U), but the vulnerability can compromise confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could allow attackers to execute arbitrary code, escalate privileges, or crash the system, severely impacting the reliability and security of critical infrastructure systems relying on libiec61850. No patches or known exploits have been reported yet, indicating that the vulnerability is newly disclosed and may not be widely exploited at this time.

The vulnerability poses a significant risk to organizations deploying libiec61850 in their operational technology (OT) environments, particularly in electrical utilities and industrial control systems that implement IEC 61850 protocols. Exploitation could lead to unauthorized code execution, enabling attackers to manipulate substation automation devices, disrupt power grid operations, or cause denial of service conditions. This could result in widespread outages, safety hazards, and financial losses. Given the critical role of IEC 61850 in power system automation, the impact extends to national critical infrastructure, potentially affecting grid stability and resilience. The requirement for local access and high attack complexity somewhat limits remote exploitation, but insider threats or compromised internal systems could leverage this vulnerability. The absence of patches increases the window of exposure, emphasizing the need for proactive risk management.

Organizations should immediately conduct an inventory to identify systems running libiec61850 version 1.5 or earlier. Restrict local access to these systems through network segmentation, strict access controls, and monitoring of privileged accounts. Employ anomaly detection to identify unusual memory usage or crashes related to the BerEncoder_encodeLength function. Collaborate with libiec61850 maintainers and vendors for timely patch releases and apply updates as soon as they become available. Consider deploying application whitelisting and exploit mitigation technologies such as heap protections and address space layout randomization (ASLR) on affected systems. For critical environments, implement compensating controls like enhanced logging and incident response readiness to quickly detect and respond to exploitation attempts. Avoid processing untrusted or malformed ASN.1 BER data inputs until patches are applied.