October 9, 2024 at 11:43AM
Multiple security vulnerabilities in the Manufacturing Message Specification (MMS) protocol pose risks for industrial environments, potentially enabling device crashes and remote code execution. Key libraries affected were patched in 2022, but gaps in security for modern technology versus outdated protocols persist. Additional vulnerabilities in other systems were also reported.
### Meeting Takeaways – October 09, 2024
**Subject:** Security Vulnerabilities in Manufacturing Message Specification (MMS) Protocol
1. **Overview of Vulnerabilities:**
– Multiple security vulnerabilities discovered in the MMS protocol implementations could impact industrial environments.
– Researchers from Claroty highlighted potential severe consequences, including device crashes and remote code execution.
2. **Key Protocol Details:**
– MMS functions at the OSI application layer, facilitating communication between Intelligent Electronic Devices (IEDs) and SCADA systems/PLCs.
3. **Identified Vulnerabilities:**
– Vulnerabilities identified in two libraries:
– **MZ Automation’s libIEC61850 library**
– **Triangle MicroWorks’ TMW IEC 61850 library**
– These issues were addressed in patches released in September and October 2022.
– Specific vulnerabilities include:
– **CVE-2022-2970:** Critical buffer overflow (CVSS: 10.0)
– **CVE-2022-2971:** Type confusion vulnerability (CVSS: 8.6)
– **CVE-2022-2972:** Critical buffer overflow (CVSS: 10.0)
– **CVE-2022-2973:** Null pointer dereference (CVSS: 8.6)
– **CVE-2022-38138:** Access of uninitialized pointer (CVSS: 7.5)
4. **Siemens SIPROTEC 5 IED:**
– Relied on an outdated version of SISCO’s MMS-EASE stack, noted for a potential DoS condition (CVE-2015-6574, CVSS: 7.5).
– Firmware updates were implemented in December 2022.
5. **Call to Action:**
– Urgent recommendation for vendors to adhere to security guidelines provided by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
6. **Related Vulnerabilities:**
– Nozomi Networks reported vulnerabilities in Espressif’s ESP-NOW wireless protocol that could lead to replay attacks and DoS conditions.
– Previously identified vulnerabilities in OpenFlow libfluid_msg parsing library and Beckhoff Automation’s TwinCAT/BSD operating system could also lead to DoS attacks or logic tampering.
7. **Conclusion:**
– The findings underscore a critical gap between the security needs of modern technology and the reliance on outdated protocols, highlighting the necessity for consistent updates and adherence to security protocols.
**Next Steps:**
– Follow up with vendors regarding the implementation of recommended security measures and updates.
– Monitor developments related to recently discovered vulnerabilities in other systems.
For further updates, connect with us on Twitter and LinkedIn.