More ICONICS Holes

Tuesday, October 4, 2011 @ 06:10 PM gHale

There are eight memory corruption vulnerabilities affecting ICONICS GENESIS32.

GENESIS32 is a web-deployable human-machine interface (HMI) supervisory control and data acquisition (SCADA) product.

These vulnerabilities affect ScriptWorX32, GraphWorX32, and the AlarmWorX32 and TrendWorX32 containers that run as part of the GENESIS32 application, according to ICS-CERT.

Sunway Facing Vulnerabilities
SCADA Alert: Fixes in Works
Antivirus Protection for SCADA Security
More SCADA Vulnerabilities Hit Industry

ICONICS validated the vulnerabilities and has produced patches that address them. ICS-CERT validated each of the patches and has confirmed that they resolve these vulnerabilities.

ICONICS said the following versions of GENESIS32 suffer from the vulnerabilities:
• GENESIS32 V8.05, V9.0, V9.1, and V9.2—ScriptWorX32, AlarmWorX32 and TrendWorX32 containers
• GENESIS32 V9.2—GraphWorX32

If an attacker was able to successfully exploit these vulnerabilities, it could result in an application crash and can allow arbitrary code execution.

Foxborough, MA-based ICONICS has offices in several countries around the world, including the UK, Netherlands, Italy, India, Germany, France, Czech Republic, China, and Australia.

The affected product, GENESIS32, is a web-deployable HMI SCADA system. According to ICONICS, GENESIS32 sees use primarily in the United States and Europe, with a small percentage in Asia, and is in several industries including manufacturing, building automation, oil and gas, water and wastewater, and electric utilities.

Eight memory corruption vulnerabilities came to light via independent security researchers Billy Rios and Terry McCorkle. These vulnerabilities affect the ScriptWorX32, GraphWorX32, AlarmWorX32, and TrendWorX32 containers that run as part of the GENESIS32 application. Attackers could exploit these vulnerabilities by using specially crafted files that, once opened, result in a crash in the application and possible arbitrary code execution.

These vulnerabilities are remotely exploitable. By using social engineering, it would be possible to convince a user to open the specially crafted file containing an exploit for this vulnerability.

An attacker with a low skill level can create a working exploit for this vulnerability. An attacker will need moderate skill in order to execute arbitrary code.

ICONICS released patches for each of the vulnerabilities affecting the GENESIS32 application. This patch and an updated ICONICS Whitepaper on Security Vulnerabilities are available on the ICONICS CERT website.

Users of the GENESIS32 who wish to apply this patch can refer to the ICONICS patch that matches the version of the software they are running. ICONICS has placed a Readme file in their patch download that offers instructions on how to apply the patch. If additional support is required, users can contact ICONICS for support by e-mailing

Leave a Reply

You must be logged in to post a comment.