Home -> Resources -> SCADA/ICS Vulnerability Reference -> Iconics GENESIS32

Iconics GENESIS32 Multiple Memory Corruption Vulnerabilities

September 30, 2011

Multiple vulnerabilities have been reported by security researchers Billy Rios and Terry McCorkle in ICONICS GENESIS32, which can be exploited by malicious people to compromise a user's system. Eight memory corruption vulnerabilities have been found affecting the following components:

-  ScriptWorX32
-  AlarmWorX32
-  TrendWorX32
-  GraphWorX32

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. Failed exploit attempts will likely result in denial-of-service conditions.

The vulnerabilities are reported in versions 8.05, 9.0, 9.1, and 9.2.

SCADAhacker comment:
Billy Rios and Terry McCorkle presented at DerbyCon 2011 a session entitled "100 Bugs in 100 Days: An Analysis of ICS (SCADA) Software". You can view the presentation by clicking here.

ICS-CERT Advisories / Alerts

ICSA-11-273-01

Vendor Website (include Patches / Hotfixes)

GENESIS32 Product Homepage

Exploit Proof-of-Concept

No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Open-Source Vulnerability Database #76262
Open-Source Vulnerability Database #76263
Open-Source Vulnerability Database #76264
Open-Source Vulnerability Database #76265
Secunia Advisory #46351
Secunia Vulnerability Report and Statistics on Iconics GENESIS 32 8.x
Secunia Vulnerability Report and Statistics on Iconics GENESIS 32 9.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 49902

More ICONICS Holes (ISSSource)