ICONICS Login ActiveX Vulnerability
Low Risk | ICS-CERT ICSA-11-182-02 | Apr 3, 2011
Summary
A buffer overflow vulnerability (CWE-119) exists in the login ActiveX control used by ICONICS GENESIS32 and BizViz versions 8.05, 9.0, 9.1, and 9.2. An attacker could exploit this vulnerability to execute arbitrary code on an affected workstation. No vendor patch is available for any affected version.
What this means
What could happen
An attacker with access to the login ActiveX control could exploit a buffer overflow vulnerability to execute arbitrary code on engineering workstations running GENESIS32 or BizViz, potentially allowing them to modify process configurations or gain further access to the control system network.
Who's at risk
Organizations running ICONICS GENESIS32 or BizViz for supervisory control and data acquisition (SCADA) or human-machine interface (HMI) functions are affected. This includes water utilities, electric utilities, and other critical infrastructure operators that depend on GENESIS32 or BizViz for monitoring and control of industrial processes.
How it could be exploited
An attacker crafts a malicious input to the login ActiveX control (likely through a web page or local interface) that triggers a buffer overflow (CWE-119). If the workstation runs vulnerable versions of GENESIS32 or BizViz with ActiveX controls enabled, the overflow could allow code execution with the privileges of the user running the application. This would typically require local or network access to the engineering workstation and user interaction to load a malicious page or file.
Prerequisites
- User must interact with or visit a location hosting the malicious input (e.g., a web page, email link, or file)
- ActiveX controls must be enabled in the browser or application
- Target system must be running one of the vulnerable GENESIS32 or BizViz versions (8.05, 9.0, 9.1, or 9.2)
- Typically requires local network access to the engineering workstation

- Buffer overflow vulnerability (CWE-119) with low complexity exploitation
- No patch available for any affected version
- Affects engineering workstations with direct access to control systems
- Requires user interaction (moderate risk mitigation factor)
Exploitability
Moderate exploit probability (EPSS 4.3%)
Affected products (8)
8 pending
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| GENESIS32: 8.05 | 8.05 | No fix yet |
| GENESIS32: 9.0 | 9.0 | No fix yet |
| GENESIS32: 9.1 | 9.1 | No fix yet |
| GENESIS32: 9.2 | 9.2 | No fix yet |
| BizViz: 8.05 | 8.05 | No fix yet |
| BizViz: 9.0 | 9.0 | No fix yet |
| BizViz: 9.1 | 9.1 | No fix yet |
| BizViz: 9.2 | 9.2 | No fix yet |
Remediation & Mitigation
Do now
- HARDENING: Disable ActiveX controls in web browsers on engineering workstations if not required for operations
- HARDENING: Restrict access to GENESIS32 and BizViz engineering workstations to trusted networks only; implement firewall rules to block unnecessary inbound connections
- HARDENING: Educate operators and engineers to avoid clicking untrusted links or opening suspicious files on engineering workstations
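
One way to verify the first hardening item on a workstation, as an added example (not from the advisory or from ICONICS): a read-only PowerShell audit that reports whether Internet Explorer's "Run ActiveX controls and plug-ins" setting is disabled for the Local intranet and Internet zones, and whether a kill bit is set for the control. The CLSID is a placeholder because the page does not give one, and the kill-bit check is a standard Windows mechanism that the page itself does not mention.

```powershell
# Added example: read-only audit, changes nothing on the workstation.
param(
    # PLACEHOLDER: the advisory page does not give the login control's CLSID.
    [string]$ControlClsid = '{00000000-0000-0000-0000-000000000000}'
)

$KillBit = 0x400  # "Compatibility Flags" bit that stops Internet Explorer loading a control

function Test-KillBit {
    param([string]$Clsid)
    # A 32-bit control on 64-bit Windows is governed by the WOW6432Node view, so check both.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # view not present on this OS
        $key   = Join-Path $root $Clsid
        $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Check  = "Kill bit under $root"
            Value  = $flags
            Secure = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Test-ZoneActiveX {
    # URL action 1200 = "Run ActiveX controls and plug-ins"; 0 = enable, 1 = prompt, 3 = disable.
    # Zone 1 = Local intranet, zone 3 = Internet.
    foreach ($zone in 1, 3) {
        # Look in machine policy first, then the per-user setting; report the first value found.
        $paths = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$zone",
                 "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$zone"
        $value = $null
        foreach ($p in $paths) {
            $value = (Get-ItemProperty -LiteralPath $p -Name '1200' -ErrorAction SilentlyContinue).'1200'
            if ($null -ne $value) { break }
        }
        [pscustomobject]@{ Check = "Zone $zone, URL action 1200"; Value = $value; Secure = ($value -eq 3) }
    }
}

$results = @(Test-KillBit -Clsid $ControlClsid) + @(Test-ZoneActiveX)
$results | Format-Table -AutoSize
if ($results.Secure -contains $false) { exit 1 }  # non-zero exit so a compliance job can flag the host
```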
Long-term hardening
- HOTFIX: Monitor ICONICS for any vendor updates or patches and evaluate upgrade to a newer, supported version of GENESIS32 or BizViz if available
CVEs (1)