ICONICS GENESIS32 and BizViz ActiveX Stack Overflow
Act Now | 9.8 | ICS-CERT ICSA-11-131-01 | Feb 11, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A stack overflow vulnerability exists in the ICONICS GENESIS32 and BizViz ActiveX controls (versions 9 through 9.21). The vulnerability is triggered when a malicious ActiveX object is loaded, allowing an attacker to execute arbitrary code with the privileges of the user running the application. This affects all versions of GENESIS32 and BizViz from 9.0 to 9.21, with no vendor fix currently available.
What this means
What could happen
An attacker could execute arbitrary code on a computer running GENESIS32 or BizViz through a malicious ActiveX control, potentially gaining full control of the system and any connected processes or historian databases.
Who's at risk
Operators and engineers using ICONICS GENESIS32 or BizViz for SCADA visualization, process monitoring, or data analysis are affected. These systems are commonly found in water utilities, electric utilities, and manufacturing facilities for real-time process control and dashboarding.
How it could be exploited
An attacker sends a malicious web page or document containing a crafted ActiveX object to a user. When the user opens or views this content in a browser or application that loads the vulnerable ActiveX control, a stack overflow occurs, allowing the attacker to run arbitrary code with the privileges of the user running the application.
Prerequisites
- User must open a malicious web page or document in a browser or application that loads the ActiveX control
- No authentication required
- No special configuration needed—the vulnerability exists in the default ActiveX control
- remotely exploitable
- no authentication required
- low complexity
- high EPSS score (74.6%)
- no patch available
- affects control system visualization and historian access
Exploitability
High exploit probability (EPSS 74.6%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| GENESIS32 | ≥ 9, ≤ 9.21 | No fix (EOL) |
| BizViz | ≥ 9, ≤ 9.21 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict or disable the GENESIS32 and BizViz ActiveX controls in your browsers and applications to prevent automatic loading
- HARDENING: Disable ActiveX support in Internet Explorer and Edge, or restrict it to trusted sites only
- HARDENING: Implement network-level controls to prevent users from accessing untrusted websites that could deliver malicious content
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Isolate GENESIS32 and BizViz systems on a restricted network segment with limited inbound internet access
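One way to apply the first workaround, as an added example that is not part of the original advisory: a PowerShell script that audits and sets the Internet Explorer kill bit (`Compatibility Flags` value 0x400) for a list of ActiveX CLSIDs. The CLSID shown is a placeholder, because this page does not list the CLSIDs of the affected controls; the parameter names are this example's own.

```powershell
# Added example: audit and set the IE kill bit for ActiveX controls.
# The default CLSID is a PLACEHOLDER. Take the real CLSIDs of the affected
# controls from the vendor or ICS-CERT advisory; this page does not list them.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}'),  # placeholder
    [switch]$AuditOnly   # report current state only, change nothing
)

$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE loading the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view on 64-bit Windows; most legacy ActiveX controls are 32-bit
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($id in $Clsid) {
    if ($id -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        Write-Warning "Skipping malformed CLSID: $id"
        continue
    }
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # e.g. 32-bit Windows
        $key = Join-Path $root $id
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        $isSet = ($flags -band $KillBit) -eq $KillBit

        # Emit one audit record per CLSID and registry view.
        [pscustomobject]@{
            Clsid = $id; Key = $key
            Flags = ('0x{0:X8}' -f $flags); KillBitSet = $isSet
        }

        if ($AuditOnly -or $isSet) { continue }
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags are preserved.
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($flags -bor $KillBit) -Force | Out-Null
        }
    }
}
```

Run it from an elevated prompt, first with `-AuditOnly` or `-WhatIf` to see the current state. A control with the kill bit set no longer loads in Internet Explorer at all, including for legitimate GENESIS32 or BizViz web displays, so test on one workstation first.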
CVEs (1)