Iconics GENESIS32 Multiple Memory Corruption Vulnerabilities
September 30, 2011
Multiple vulnerabilities
have been reported by security researchers Billy Rios and
Terry McCorkle in ICONICS GENESIS32, which can be exploited
by malicious people to compromise a user's system. Eight
memory corruption vulnerabilities have been found affecting
the following components:
- ScriptWorX32
- AlarmWorX32
- TrendWorX32
- GraphWorX32
Successful exploitation of the vulnerabilities may allow
execution of arbitrary code, but requires tricking a user
into opening a malicious file. Failed exploit attempts will
likely result in denial-of-service conditions.
The vulnerabilities are reported in versions 8.05, 9.0, 9.1,
and 9.2.
SCADAhacker
comment:
Billy Rios and Terry McCorkle presented at DerbyCon 2011
a session entitled "100 Bugs in 100 Days: An Analysis of ICS
(SCADA) Software". You can view the presentation by
clicking here.