Source URL: https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/
Source: Unit 42
Title: Multiple Vulnerabilities Discovered in a SCADA System
Feedly Summary: We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings.
AI Summary and Description: Yes
Summary: The text provides a thorough technical analysis of vulnerabilities identified in the ICONICS Suite versions 10.97.2 and 10.97.3, specifically aimed at professionals in operational technology (OT), industrial control systems, and software security. This analysis uncovers critical security flaws that expose systems to potential attacks, emphasizing the importance of awareness and prompt patching.
Detailed Description: The analysis evaluates various vulnerabilities in the ICONICS Suite, which is utilized in automation and IIoT applications. Key findings include:
– **Vulnerabilities in ICONICS Suite**:
  – Versions 10.97.2 and 10.97.3 exhibit significant security vulnerabilities that could compromise OT applications.
  – Prior telemetry from internet scans indicates that multiple ICONICS servers are publicly accessible, increasing risk.
– **Specific Vulnerabilities Identified**:
  – **GenBroker32 Incorrect Default Permissions (CVE-2024-7587)**:
    – The GenBroker communications utility facilitates communication with OPC servers, but installing GenBroker32 inadvertently leaves critical configuration files with excessive user permissions.
    – This allows users to read, write, and modify sensitive files, heightening the risk of exploitation.
  – **DLL Hijacking (CVE-2024-1182)**:
    – Phantom DLL hijacking was discovered due to outdated SDKs still integrated into the ICONICS Suite.
    – Attackers can manipulate the loading of DLLs to gain elevated system privileges through the MMCfg.exe tool, which can lead to arbitrary code execution.
  – **Dead Code and Uncontrolled Search Path Vulnerabilities (CVE-2024-8299, CVE-2024-8300, CVE-2024-9852)**:
    – Multiple processes within GENESIS64 are vulnerable to DLL hijacking as they rely on improperly specified DLL paths.
    – This could allow attackers to exploit system privileges through applications like AlarmWorX64 MMX.
– **Collaboration for Remediation**:
  – The ICONICS security team is actively working to patch these vulnerabilities, which illustrates the importance of continuous security assessments and timely responses to discovered issues.
This analysis serves as a crucial reminder for professionals about the need for secure software handling, timely updates, and the necessity of understanding the implications of legacy systems within operational environments. Organizations should prioritize patch management and implement robust security policies to protect against such vulnerabilities.
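For the incorrect default permissions finding (CVE-2024-7587), defenders can check whether broad groups hold write-capable rights on a configuration file by parsing `icacls` output. The following is an added example, not code from the Unit 42 article or from ICONICS. The file path and the `icacls` output are constructed placeholders (the summary above does not name the affected files), and English-locale group names are assumed.

```python
import re

# Groups that include every ordinary local user (English-locale names assumed).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls rights that let the holder change file content or its permissions:
# simple F/M/W, generic all/write, write/append data, write DAC, write owner.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}
INHERIT = {"I", "OI", "CI", "IO", "NP"}  # inheritance markers, not rights

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(\([^)]*\))+)\s*$")

def parse_icacls(output, path):
    """Yield (principal, rights) for each ACE that icacls printed for `path`."""
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" trailer
        rights = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("groups")):
            rights.update(tok.strip().upper() for tok in group.split(","))
        yield m.group("who").strip(), rights - INHERIT

def writable_by_broad_groups(output, path):
    """Return [(principal, risky_rights)] for allow-ACEs held by broad groups."""
    findings = []
    for who, rights in parse_icacls(output, path):
        risky = rights & WRITE_RIGHTS
        if who.lower() in BROAD and risky and "DENY" not in rights:
            findings.append((who, sorted(risky)))
    return findings

# Constructed sample: placeholder path and icacls output, not taken from a real host.
SAMPLE_PATH = r"C:\ProgramData\ExampleVendor\broker.cfg"
SAMPLE = r"""C:\ProgramData\ExampleVendor\broker.cfg Everyone:(I)(F)
                                        NT AUTHORITY\SYSTEM:(I)(F)
                                        BUILTIN\Administrators:(I)(F)
                                        BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for who, rights in writable_by_broad_groups(SAMPLE, SAMPLE_PATH):
        print(f"{SAMPLE_PATH}: {who} holds {','.join(rights)}")
```

Any entry reported for a service's configuration file means an unprivileged local user can alter it; after patching, the same check confirms the ACL was actually tightened.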