CVE-2024-45970: n/a
Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.
AI Analysis
Technical Summary
CVE-2024-45970 is a critical security vulnerability affecting the MMS Client implementation within the MZ Automation LibIEC61850 library, a widely used open-source library for IEC 61850 communication in industrial automation and control systems. The vulnerability stems from multiple stack-based buffer overflows triggered by maliciously crafted MMS FileDirResponse messages sent by a compromised or rogue MMS server. The buffer overflow occurs due to inadequate bounds checking when processing these messages, leading to potential memory corruption. Exploiting this flaw allows an attacker to execute arbitrary code with the privileges of the MMS client process, potentially leading to full system compromise, data integrity violations, or denial of service conditions. The vulnerability has a CVSS v3.1 base score of 9.8, indicating critical severity, with attack vector as network (AV:N), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). This vulnerability is classified under CWE-120 (Classic Buffer Overflow). The flaw affects versions of LibIEC61850 prior to commit ac925fae8e281ac6defcd630e9dd756264e9c5bc, though specific version numbers are not provided. No public exploit code or active exploitation has been reported yet. Given the role of LibIEC61850 in industrial control systems, exploitation could disrupt critical infrastructure operations.
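The bounds checks whose absence the summary describes, shown as an added example (this is not LibIEC61850 code and not from the advisory): a parser that copies one length-prefixed filename element from an untrusted server response into a fixed buffer. The function name, return codes, the 256-byte buffer and the tag value 0x19 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256   /* assumed size of the client's filename buffer */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_BAD_TAG = -3 };

/*
 * Copy one filename element (tag, BER length, bytes) into out[].
 * The unsafe pattern is a memcpy() driven by the wire length alone.
 * Here the declared length is checked against the remaining input and
 * against the destination size before anything is copied.
 */
int copy_filename(const uint8_t *msg, size_t msg_len, uint8_t tag,
                  char *out, size_t out_size)
{
    size_t pos = 0, len;

    if (msg_len < 2) return PARSE_TRUNCATED;
    if (msg[pos++] != tag) return PARSE_BAD_TAG;

    len = msg[pos++];
    if (len & 0x80) {                      /* long form: 0x80 | n, then n length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > 2) return PARSE_TOO_LONG;  /* indefinite or > 65535 */
        if (msg_len - pos < n) return PARSE_TRUNCATED;
        len = 0;
        while (n--) len = (len << 8) | msg[pos++];
    }
    if (len > msg_len - pos) return PARSE_TRUNCATED; /* length exceeds input */
    if (len >= out_size) return PARSE_TOO_LONG;      /* no room for bytes + NUL */

    memcpy(out, msg + pos, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed samples: a valid element and one whose length field lies. */
    const uint8_t good[] = {0x19, 0x05, 'a', '.', 't', 'x', 't'};
    const uint8_t lying[] = {0x19, 0x20, 'x'};
    char name[NAME_BUF_SIZE];

    printf("good:  %d\n", copy_filename(good, sizeof good, 0x19, name, sizeof name));
    printf("lying: %d\n", copy_filename(lying, sizeof lying, 0x19, name, sizeof name));
    return 0;
}
```
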
Potential Impact
The impact of CVE-2024-45970 is severe for organizations relying on the MZ Automation LibIEC61850 library in their industrial control systems, particularly those implementing IEC 61850 protocols for power grid automation, substations, and other critical infrastructure. Successful exploitation can lead to arbitrary code execution, allowing attackers to take control of affected devices or systems. This can result in unauthorized manipulation of industrial processes, data theft, sabotage, or prolonged denial of service, potentially causing physical damage or widespread operational disruption. The vulnerability's network-exploitable nature and lack of authentication requirements increase the risk of remote attacks by threat actors, including nation-state adversaries targeting critical infrastructure. The absence of known exploits currently provides a window for proactive defense, but the critical severity demands urgent attention. Organizations worldwide with deployments of LibIEC61850 in energy, utilities, manufacturing, and transportation sectors face significant operational and security risks if unmitigated.
Mitigation Recommendations
1. Immediate mitigation involves updating the MZ Automation LibIEC61850 library to the fixed version that includes commit ac925fae8e281ac6defcd630e9dd756264e9c5bc or later, once available. Monitor official repositories and vendor advisories for patches.
2. Until patches are applied, restrict network access to MMS clients by implementing strict firewall rules and network segmentation to limit exposure to untrusted MMS servers.
3. Employ deep packet inspection and anomaly detection systems to identify and block malformed MMS FileDirResponse messages indicative of exploitation attempts.
4. Conduct thorough code audits and fuzz testing on MMS client implementations to detect similar buffer overflow vulnerabilities proactively.
5. Implement robust intrusion detection and incident response plans tailored for industrial control system environments to quickly identify and respond to exploitation attempts.
6. Engage with vendors and community maintainers to accelerate patch development and share threat intelligence related to this vulnerability.
7. Where possible, deploy application-layer gateways or protocol proxies that validate MMS traffic and enforce strict protocol compliance to mitigate malformed message attacks.
Affected Countries
United States, Germany, France, China, Russia, South Korea, Japan, Canada, United Kingdom, Australia, India, Brazil, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-09-11T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cf5b7ef31ef0b56a807
Added to database: 2/25/2026, 9:43:17 PM
Last enriched: 2/26/2026, 8:24:32 AM
Last updated: 4/12/2026, 6:12:51 PM