CVE-2024-9684
Denial of Service in FreyrSCADA IEC-60870-5-104 Server
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freyrscada | iec-60870-5-104 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-9684 is a vulnerability in the IEC-60870-5-104 protocol implementation within the FreyrSCADA project. It occurs due to improper handling of overlapping memory regions in memcpy() calls inside the static library libx86_x64-iec104.a. When memcpy() is called with overlapping source and destination buffers, it triggers a memcpy-param-overlap error, causing a segmentation fault that crashes the program. This crash can be exploited by remote attackers sending specific crafted message sequences to cause a denial of service (DoS). [1]
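The following added example illustrates the class of defect described above, the memcpy() call whose source and destination ranges overlap, and the check that prevents it; it is not code from FreyrSCADA, from libx86_x64-iec104.a, or from the cited report. It assumes a hypothetical receive-buffer "consume and shift" routine of the kind protocol servers use to drop a processed APDU, which is a typical place where the two ranges overlap; memcpy() is only defined for disjoint regions, so the wrapper falls back to memmove() when an overlap is detected. The APDU bytes are a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RX_BUF_SIZE 256

/* Constructed receive buffer type for this example (not FreyrSCADA's). */
struct rx_buffer {
    uint8_t data[RX_BUF_SIZE];
    size_t len;
};

/* Scratch array so the overlap check can be exercised on real addresses. */
uint8_t scratch[16];

/* Returns non-zero if [a, a+n) and [b, b+n) share at least one byte.
 * Comparing through uintptr_t keeps the test well defined even when the
 * two pointers are not into the same object. */
int ranges_overlap(const void *a, const void *b, size_t n) {
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (n == 0) return 0;
    return pa < pb + n && pb < pa + n;
}

/* Overlap-aware copy. memcpy() is undefined (and flagged as
 * memcpy-param-overlap by AddressSanitizer) when the regions overlap,
 * so use memmove() in that case. Returns 1 if the fallback was taken. */
int copy_checked(void *dst, const void *src, size_t n) {
    if (ranges_overlap(dst, src, n)) {
        memmove(dst, src, n);
        return 1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Drop the first `consumed` bytes and shift the remainder to the front.
 * Whenever consumed < remaining, source and destination overlap, which is
 * exactly where a plain memcpy() would be wrong. Returns the new length,
 * or (size_t)-1 when `consumed` exceeds what is buffered. */
size_t rx_consume(struct rx_buffer *rb, size_t consumed) {
    if (consumed > rb->len) return (size_t)-1;
    size_t remaining = rb->len - consumed;
    if (remaining > 0) {
        copy_checked(rb->data, rb->data + consumed, remaining);
    }
    rb->len = remaining;
    return rb->len;
}

/* Self-check used by the demo: 0 on success, otherwise the number of the
 * first failed step. */
int self_check(void) {
    struct rx_buffer rb;
    /* Constructed sample: two IEC-104 U-frames (STARTDT act, STARTDT con). */
    const uint8_t sample[] = { 0x68, 0x04, 0x07, 0x00, 0x00, 0x00,
                               0x68, 0x04, 0x0B, 0x00, 0x00, 0x00 };
    memcpy(rb.data, sample, sizeof sample);
    rb.len = sizeof sample;

    /* Consuming 2 of 12 bytes leaves 10; src and dst then overlap by 8. */
    if (!ranges_overlap(rb.data, rb.data + 2, rb.len - 2)) return 1;
    if (rx_consume(&rb, 2) != 10) return 2;
    if (memcmp(rb.data, sample + 2, 10) != 0) return 3;   /* bytes intact */
    if (rx_consume(&rb, 11) != (size_t)-1) return 4;      /* over-consume rejected */
    if (rx_consume(&rb, 10) != 0) return 5;               /* drain to empty */
    return 0;
}

int main(void) {
    int rc = self_check();
    printf("self_check: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Building the program with `-fsanitize=address` and replacing the memmove() fallback with memcpy() reproduces the memcpy-param-overlap report that the description refers to, which is the cheapest way to confirm that a sanitizer build of your own protocol code catches this class of defect before it reaches a deployment.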
How can this vulnerability impact me?
This vulnerability can be exploited by remote attackers to cause a denial of service (DoS) on the FreyrSCADA/IEC-60870-5-104 server by sending specially crafted message sequences. The resulting crash from the memcpy overlap error causes the server to become unavailable, potentially disrupting operations that rely on this SCADA protocol implementation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by replaying crafted IEC-104 message sequences to the FreyrSCADA IEC-60870-5-104 server and observing if it crashes due to a memcpy-param-overlap error. The AFLnet suite, which includes the tools aflnet-replay and afl-showmap, can be used for this purpose. The steps include installing AFLnet with IEC protocol parsing support, using aflnet-replay to replay the crafted message sequences, and using afl-showmap to generate a trace bitmap to observe the error. The specific message sequences to test are available online. Commands involve running aflnet-replay with the crafted sequences against the target binary to trigger the fault. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not specify immediate mitigation steps for this vulnerability. However, since the issue is caused by overlapping memory regions in memcpy calls leading to crashes, a general immediate step would be to restrict or monitor incoming IEC-60870-5-104 message sequences from untrusted sources to prevent exploitation. Additionally, applying any available patches or updates from the FreyrSCADA project once released would be recommended. [1]