CVE-2024-9684
Unknown Unknown - Not Provided
Denial of Service in FreyrSCADA IEC-60870-5-104 Server

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: Red Hat, Inc.

Description
FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2024-9684
EUVD
EUVD-2025-204800
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
freyrscada iec-60870-5-104 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-9684 is a vulnerability in the IEC-60870-5-104 protocol implementation within the FreyrSCADA project. It occurs due to improper handling of overlapping memory regions in memcpy() calls inside the static library libx86_x64-iec104.a. When memcpy() is called with overlapping source and destination buffers, it triggers a memcpy-param-overlap error, causing a segmentation fault that crashes the program. This crash can be exploited by remote attackers sending specific crafted message sequences to cause a denial of service (DoS). [1]

Impact Analysis

This vulnerability can be exploited by remote attackers to cause a denial of service (DoS) on the FreyrSCADA/IEC-60870-5-104 server by sending specially crafted message sequences. The resulting crash from the memcpy overlap error causes the server to become unavailable, potentially disrupting operations that rely on this SCADA protocol implementation. [1]

Detection Guidance

This vulnerability can be detected by replaying crafted IEC-104 message sequences to the FreyrSCADA IEC-60870-5-104 server and observing if it crashes due to a memcpy-param-overlap error. The AFLnet suite, which includes the tools aflnet-replay and afl-showmap, can be used for this purpose. The steps include installing AFLnet with IEC protocol parsing support, using aflnet-replay to replay the crafted message sequences, and using afl-showmap to generate a trace bitmap to observe the error. The specific message sequences to test are available online. Commands involve running aflnet-replay with the crafted sequences against the target binary to trigger the fault. [1, 2]

Mitigation Strategies

The provided resources do not specify immediate mitigation steps for this vulnerability. However, since the issue is caused by overlapping memory regions in memcpy calls leading to crashes, a general immediate step would be to restrict or monitor incoming IEC-60870-5-104 message sequences from untrusted sources to prevent exploitation. Additionally, applying any available patches or updates from the FreyrSCADA project once released would be recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-9684. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart