Multiple issues in the IEC 60870-5-104 protocol could allow an unauthenticated, remote attacker to spoof network communications or exploit input validation flaws on vulnerable systems using the affected protocol.
The issues in the affected protocol are due to insecure transmission and insufficient sanitization of the following:
- Numbered supervisory function (S Format) message
- Unnumbered control function (U Format) message
- Information transfer (I Format) message header
- Unsupported ASDU (application service data unit)
- APCI length
- Packed start events of protection equipment with time tag
- 32-bit string
- Counter interrogation command
- Double command or regulating step command
- Interrogation command
- Single command
- Set-point command
- End of initialization
- Packed output circuit information of protection equipment with time tag
An attacker could exploit these issues by sending malicious network requests to the affected software. A successful exploit could allow the attacker to spoof the source or type of communications, or to trigger the other input validation issues when the targeted system processes the messages.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit these issues.
The vendor has not confirmed these issues. Software updates are not available.