CVE-2020-18730
Description
A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null pointer dereference in the Iec104_Deal_I function of IEC104 v1.0 allows remote attackers to cause a denial of service.
Vulnerability
A segmentation violation occurs in the Iec104_Deal_I function of IEC104 v1.0 due to a null pointer dereference [1]. The vulnerability is present in the IEC104 protocol implementation, which is used in industrial control systems for telecontrol communication. The affected version is IEC104 v1.0.
Exploitation
An attacker can trigger the vulnerability by sending a specially crafted IEC104 packet to the target system. No authentication is required, and the attacker only needs network access to the service. The crafted packet causes the Iec104_Deal_I function to dereference a null pointer, leading to a segmentation fault.
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the IEC104 service to crash. This can disrupt communication in SCADA environments, potentially affecting industrial operations.
Mitigation
No official patch or mitigation has been disclosed in the available references [1]. Users should monitor vendor advisories for updates. As a workaround, network segmentation and access controls can limit exposure to untrusted networks.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- IEC104/IEC104description
- Range: <=1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cwe.mitre.org/data/definitions/476.htmlmitrex_refsource_MISC
- github.com/airpig2011/IEC104/issues/4mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.