MMS Under the Microscope: Examining the Security of a Power Automation Standard

Executive Summary: Team82 analyzed the MMS/IEC 61850 protocol used in power substation devices, developed an MMS Stack Detector for implementation fingerprinting, and used fuzzing to uncover five vulnerabilities across multiple MMS stacks (including a stack buffer overflow enabling potential remote code execution and crashes leading to denial-of-service). They produced PoCs that crashed devices (including Siemens SIPROTEC5 and ABB AC 800M behaviors), disclosed findings to vendors (resulting in CVEs and advisories), and released tooling and recommendations to help secure affected industrial control systems.