SCADA system vulnerable to ActiveX control attack
ICS-CERT, which specialises in industrial control systems (ICS), is once more warning of a critical vulnerability, this time in Genesis32 and Genesis64, the 32- and 64-bit versions of Iconics' web-based SCADA process control system. The buffer overflow vulnerability in the GenVersion.dll ActiveX control could be exploited by attackers to inject malicious code into control computers. Exploitation merely requires the user of the control computer to visit an infected web site. Once a system is infected, an attacker may be able to obtain control of the industrial system (e.g. a power station or factory) controlled by the Genesis control system.
US-based ICS-CERT issued an urgent warning of 35 vulnerabilities in SCADA systems just two months ago – that list also included Iconics' Genesis.