
MMS Protocol Vulnerabilities: Academic discovers deep-rooted vulnerability in some industrial protocol suites

The Manufacturing Message Specification (MMS) protocol is an application-layer protocol designed specifically for communication with industrial control systems. It sits in the OSI application layer and allows supervisory control systems and related field devices, including PLCs and IEDs, to interoperate. Because it supports a context-independent exchange of data, MMS lets industrial systems operate in a cooperative and optimized way.

Importance of the Research Based on MMS Protocol Vulnerabilities in Industrial Automation

Industrial automation relies heavily on MMS. It enables remote operation and remote supervision of devices, which is essential for on/off control decisions in critical infrastructure, chiefly manufacturing, power generation and electricity distribution. The protocol lets SCADA systems communicate with the various field devices so that the actions needed for operation, timing and efficiency of the production process can be carried out.

Finding Vulnerabilities in MMS Protocol Libraries

Recently, researchers Mashav Sapir and Vera Mens of Claroty, an operational technology (OT) security company, revealed significant security gaps in two MMS protocol libraries widely used in industrial systems today: libIEC61850 by MZ Automation and TMW IEC 61850 by Triangle Microworks. These vulnerabilities are considered severe because, if exploited by malicious actors, they could have serious repercussions for operations.

The weaknesses found in these MMS protocol libraries are listed below by their characteristics and the degree of risk they pose, with each vulnerability's Common Vulnerabilities and Exposures (CVE) reference and severity score.

  • CVE-2022-2979 (score 10): a stack-based buffer overflow in the affected library, rated critical because it lets a remote attacker run code of their choosing, potentially disrupting or disabling industrial devices.
  • CVE-2022-2971 (score 8): a type confusion issue in the libIEC61850 library that lets an attacker crash the server with a crafted payload, disrupting any industrial process that relies on the affected server.
  • CVE-2022-2972 (score 10): a stack-based buffer overflow comparable to the first, which could result in remote code execution and unauthorized access to industrial devices.
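As an added example (not code from the page, nor from libIEC61850 or TMW IEC 61850): a bounds-checked decoder for one BER-encoded VisibleString, the kind of length-prefixed field MMS messages carry. The stack-based buffer overflow class listed above arises when the declared length is copied into a fixed stack buffer without the two checks shown here; NAME_MAX, the single-tag handling and the sample messages are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define NAME_MAX 32             /* hypothetical fixed-size stack buffer for a name field */
#define TAG_VISIBLE_STRING 0x1A /* universal BER tag for VisibleString */
enum parse_result { PARSE_OK = 0, PARSE_BAD_TAG, PARSE_BAD_LENGTH, PARSE_TRUNCATED, PARSE_TOO_LONG };

/* Decode one tag-length-value element from buf[0..len) into out (out_sz bytes).
 * Bytes actually present and destination size are both checked before any copy. */
enum parse_result decode_visible_string(const uint8_t *buf, size_t len,
                                        char *out, size_t out_sz)
{
    size_t pos = 0, vlen = 0;
    if (len < 2 || buf[pos++] != TAG_VISIBLE_STRING)
        return PARSE_BAD_TAG;
    uint8_t l = buf[pos++];
    if (l < 0x80) {                     /* short form: the byte is the length */
        vlen = l;
    } else {                            /* long form: 0x8N, then N length bytes */
        size_t n = l & 0x7F;
        if (n == 0 || n > sizeof(size_t) || n > len - pos)
            return PARSE_BAD_LENGTH;
        for (size_t i = 0; i < n; i++)
            vlen = (vlen << 8) | buf[pos++];
    }
    if (vlen > len - pos)               /* declared length exceeds bytes present */
        return PARSE_TRUNCATED;
    if (vlen >= out_sz)                 /* value would overflow the fixed buffer */
        return PARSE_TOO_LONG;
    memcpy(out, buf + pos, vlen);       /* safe: both bounds established above */
    out[vlen] = '\0';
    return PARSE_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t good_msg[]      = { 0x1A, 0x05, 'I', 'E', 'D', '0', '1' };
static const uint8_t longform_msg[]  = { 0x1A, 0x81, 0x03, 'P', 'L', 'C' };
static const uint8_t truncated_msg[] = { 0x1A, 0x10, 'I', 'E', 'D' }; /* claims 16, carries 3 */

/* A value that is fully present on the wire but larger than NAME_MAX. */
enum parse_result check_oversized_sample(void)
{
    uint8_t msg[2 + 40];
    char name[NAME_MAX];
    msg[0] = TAG_VISIBLE_STRING; msg[1] = 40;
    memset(msg + 2, 'A', 40);
    return decode_visible_string(msg, sizeof msg, name, sizeof name);
}
```

The functions are meant to be called from a harness or your own main; an unchecked memcpy of the declared length in check_oversized_sample would write 40 bytes into a 32-byte stack buffer, which is the defect class the CVEs above describe.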

Effects of MMS Protocol Vulnerabilities on the Operations of Industries


Threats and Ramifications of Attacking the MMS Protocol

If these vulnerabilities are exploited, the consequences for industrial environments could be dire. Attackers could potentially:

Crash the device: attackers could target resource-intensive components of industrial control systems to cause crashes, disrupting critical infrastructure such as industrial production and halting company operations at considerable cost in lost revenue.
Execute code remotely: malicious code could be run on the industrial devices within a plant network, allowing manipulation of system operations, corruption of data, stalled production lines and more.
Mount denial-of-service (DoS) attacks: devices could be flooded with malicious data until they become overloaded and unusable, leaving no control system available to legitimate users.

Real-World Example: Siemens SIPROTEC 5 IED Vulnerability Connected with MMS Protocol Vulnerabilities

In the course of the same research, Claroty's team found that Siemens' SIPROTEC 5 IED devices were running an older version of the MMS-EASE stack from SISCO. This version was vulnerable to a DoS condition triggered by specially crafted network packets (CVE-2015-6574, CVSS score: 7.5). Siemens promptly released firmware updates to address the flaw, which was disclosed in December 2022. This example shows that no industrial system should be left without the updates needed to meet current security requirements.

Understanding the Needs of Modern Industry: Standardization of the MMS Protocol, a Systematic Approach

Outlining Key Steps for Protection against MMS Protocol Information Security Vulnerabilities in IEC 61850

One of the major weaknesses of industrial control system security is the heavy dependence on legacy protocols, which are easily exploited because they were not designed with today's threats in mind. Many industrial systems use the MMS protocol, which is an effective communication tool but has no built-in secure access controls to defend it against sophisticated cyber-attacks.


Industrial Best Practices for Integrated Security of MMS: Processes, Systems, Transformation and Coordination


To limit the costs incurred should these risks materialize, industrial vendors and operators are encouraged to:

Keep all control systems and protocol libraries up to date with the newest security patches: schedule frequent system maintenance and make sure all required updates are installed during maintenance windows, so that a lack of time to update every system individually does not leave devices running vulnerable code.

Divide the network into security zones: define the zone structure, policies, guidelines and the organization that manages them. If one network segment is penetrated, the compromise is contained and the effort and time needed to respond are limited, rather than every system being exposed because of a flat network layout.

Replace vulnerable protocols with more secure ones wherever possible: extend access-control mechanisms and deploy protocols that carry little or no security risk in place of threatened ones.

Comply with CISA guidance: its policy on the prevention of cyber-security risk, its cyber-security guidelines and the cyber-security funding available.

The Future of Industrial Systems Security in Consideration of MMS Protocol Vulnerabilities

Defeating Exposure of the MMS Protocol

Current research has shown that such security gaps exist in several protocols, which is a compelling reason to take all-encompassing measures against cyber threats in the industrial and IoT realms. In such cases, system weaknesses must be addressed on the assumption of a persistent adversary, with detection of and response to any reconnaissance activity.

Combative Engagement to Eliminate the MMS Protocol Weaknesses Hypothesis

Industry players, cyber-security organizations and governments must establish standards and guidelines that harden industrial control systems against future threats. In this way it is possible to reconcile legacy technology with the advanced protective measures that industrial and critical infrastructure need against modern threats.

In Closing: To Ensure Industrial Security, Vulnerabilities Associated with MMS Protocols Have to Be Addressed Promptly

The recent discovery of security flaws in the MMS protocol and many other industrial communication protocols gives an alarming insight into the cyber-security concerns of contemporary industrialized society. Securing these systems from intrusion calls for attention equal to or greater than that given to, say, digital transformation. Industrial operators need to implement proactive protection, update their systems continually and conform to the latest standards in order to prevent future incidents.

Only by getting security right from the start and maintaining that direction with active cyber-security measures will troubled industrial systems withstand the mounting intrusions and keep the electrical and industrial processes that industries depend on running.
