SCADA system vulnerable to ActiveX control attack

ICS-CERT, which specialises in industrial control systems (ICS), is once more warning of a critical vulnerability, this time in Genesis32 and Genesis64, the 32- and 64-bit versions of Iconics' web-based SCADA process control system. The buffer overflow vulnerability in the GenVersion.dll ActiveX control could be exploited by attackers to inject malicious code into control computers. Exploitation merely requires the user of the control computer to visit an infected web site. Once a system is infected, an attacker may be able to obtain control of the industrial system (e.g. a power station or factory) controlled by the Genesis control system.
The vulnerability was discovered by researchers from Security Assessment in late April. They released an advisory which included a JavaScript-based exploit. The vendor has now fixed the vulnerability by means of update WebHMI V9.21. Users of the company's BizViz analysis software should also install the update, as that also contains the vulnerable ActiveX control.
US-based ICS-CERT issued an urgent warning of 35 vulnerabilities in SCADA systems just two months ago – that list also included Iconics' Genesis.

