May 12, 2011 17:53 GMT

The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is advising users of ICONICS GENESIS32 and BizViz to deploy a newly released patch that addresses a critical vulnerability in the two SCADA products.

The stack overflow flaw was discovered by security researchers Scott Bell and Blair Strang of Security-Assessment.com and is located in GenVersion.dll, an ActiveX control present in both products.

GENESIS32 and BizViz are web-based supervisory control and data acquisition (SCADA) software applications that control critical installations in oil and gas refineries, water and power distribution plants, manufacturing factories and other industrial sites.

"If successfully exploited, this vulnerability results in remote arbitrary code execution with privileges of the current user. Actual impact to individual organizations depends on many factors that are unique to each organization.

"ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation," the ICS-CERT advisory [pdf] says.

According to ICONICS, the developer of the vulnerable products, GENESIS32 and BizViz versions 9 through 9.21 are affected by the vulnerability. The vendor claims that 55% of GENESIS32 installations are in the United States, 45% are in Europe, and 5% in Asia.

A proof-of-concept exploit for this vulnerability is publicly available and consists of passing a specially crafted string to the "SetActiveXGUID" method. "Users could be lured into visiting malicious sites using social engineering or phishing techniques," the security researchers warn.

Manual patches are currently available for each of the products and new full versions are scheduled to be released next month. SCADA security has increasingly captured the attention of researchers ever since the Stuxnet malware was discovered.

The trojan, which is believed to be the work of one or more governments, was designed to sabotage the uranium enrichment centrifuges at Iran's Natanz nuclear plant. Experts have warned that Stuxnet is likely to result in copycat attacks against industrial and critical installations worldwide.