CVE-2024-45971 is a critical security vulnerability affecting the MMS Client implementation within the MZ Automation LibIEC61850 library, a widely used open-source library implementing the IEC 61850 standard for communication in electrical substation automation systems. The vulnerability stems from multiple stack-based buffer overflows triggered by maliciously crafted MMS IdentifyResponse messages sent by a server to the client. Specifically, the MMS Client fails to properly validate or bound-check data received in these IdentifyResponse messages, leading to memory corruption on the stack. This type of vulnerability (CWE-120) can allow an attacker to overwrite the return address or other control data on the stack, enabling arbitrary code execution or causing a crash (denial of service). The vulnerability can be exploited remotely without any authentication or user interaction, as the MMS Client typically initiates communication with servers in industrial control networks. The CVSS 3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation over the network. Although no patches have been officially released at the time of publication, the vulnerability was disclosed publicly on November 15, 2024, and users of the affected library versions should consider immediate risk mitigation. Given the critical role of IEC 61850 in power grid and industrial automation, this vulnerability poses a significant threat to operational technology environments.

The impact of CVE-2024-45971 is severe for organizations relying on the MZ Automation LibIEC61850 library in their industrial control systems, particularly electrical substations and critical infrastructure. Exploitation can lead to complete compromise of affected devices, allowing attackers to execute arbitrary code, disrupt control processes, or cause system crashes. This can result in loss of control over critical infrastructure, data breaches, operational downtime, and potentially cascading failures in power grids or industrial environments. The vulnerability's remote exploitability without authentication increases the attack surface, enabling threat actors to target exposed or poorly segmented networks. Additionally, the compromise of such systems can have safety implications and cause significant financial and reputational damage. Organizations in sectors such as energy, utilities, manufacturing, and critical infrastructure are especially vulnerable, as IEC 61850 is a standard protocol in these domains.

1. Immediate network segmentation: Isolate devices using the vulnerable MMS Client from untrusted networks and restrict access to trusted management networks only. 2. Deploy strict firewall rules and intrusion detection systems to monitor and block suspicious MMS IdentifyResponse traffic. 3. Conduct thorough inventory and identify all systems using the MZ Automation LibIEC61850 library to assess exposure. 4. Apply any available patches or updates from the library maintainers as soon as they are released. 5. If patches are not yet available, consider temporary mitigations such as disabling MMS Client functionality or replacing the library with alternative implementations where feasible. 6. Implement strict input validation and anomaly detection at the network level to detect malformed MMS messages. 7. Regularly audit and monitor logs for unusual activity related to MMS communications. 8. Engage with vendors and industrial control system integrators to ensure awareness and coordinated response. 9. Develop and test incident response plans specific to industrial control system compromises involving IEC 61850 protocols.