ICONICS GENESIS32 Insecure ActiveX Control
Low Risk · ICS-CERT ICSA-14-051-01 · Nov 23, 2014
Summary
GENESIS32 versions 8.0, 8.02, 8.04, and 8.05 ship an ActiveX control that exposes a dangerous method (CWE-749) and can be instantiated from a malicious web page or Office document. When an authorized user opens such content in Internet Explorer or Office, the control loads without explicit consent and the attacker's code runs in the security context of the logged-in user, which on HMI workstations is often a local administrator. No vendor patch is available for these legacy versions.
What this means
What could happen
An attacker who can get a malicious web page or document in front of an operator could execute arbitrary code on the GENESIS32 workstation, gaining control of the HMI (Human-Machine Interface) and, through it, whatever process control functions the logged-in user is entitled to.
Who's at risk
Manufacturing and utility operators running GENESIS32 HMI software, particularly those that allow web browsing or email on engineering workstations. Any organization using GENESIS32 8.0 through 8.05 for process visualization, alarming, or control is exposed wherever those workstations can reach general corporate networks or the internet, or receive documents from outside the control network.
How it could be exploited
An attacker crafts a web page or Office document that embeds the insecure GENESIS32 ActiveX control and drives its exposed method. When an authorized user visits the page in Internet Explorer or opens the document in Office, the control is instantiated without prompting and the attacker's code runs in the security context of the logged-in user.
Prerequisites
- A delivery path to a workstation running GENESIS32 8.0–8.05: the workstation must be able to reach an attacker-controlled or compromised web site, or receive a document by email or removable media (the attacker does not need inbound network access to the workstation)
- A user on that workstation must visit the malicious page or open the malicious document (social engineering or a compromised site the user already trusts)
- Internet Explorer or Microsoft Office with ActiveX enabled for the zone or document in question
- No patch available (end-of-life product)
- ActiveX execution requires no additional authentication
- Affects HMI/engineering workstations with access to control systems
- Social engineering attack vector (web browsing, email)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product   | Affected Versions        | Fix Status
GENESIS32 | 8.0, 8.02, 8.04, 8.05    | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND · Disable ActiveX controls in Internet Explorer for the Internet and Restricted sites zones, and allow them only for explicitly trusted sites
HARDENING · Restrict network access to GENESIS32 workstations using firewall rules; limit web browsing on engineering workstations to approved sites only
WORKAROUND · Educate users not to open attachments or click links from untrusted sources on engineering workstations
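The two IE-side controls above (zone lockdown and blocking the specific control) can be applied in the registry as shown below. This is an added example, not from the advisory or ICONICS: the CLSID of the affected control is not given on this page, so the script locates candidate ICONICS COM servers by their DLL path (an assumed match pattern) and sets the IE kill bit (Compatibility Flags 0x400, documented in Microsoft KB 240797) for each one; the zone values 1001/1004/1200/1201 are the standard IE security-zone settings. Run as Administrator; the equivalent can be pushed through Group Policy (Internet Explorer > Security Page).

```powershell
# Added example (not from the advisory or ICONICS): lock down IE ActiveX handling
# and kill-bit a specific control. Run as Administrator.
# ASSUMPTION: the affected control's CLSID is not on this page; Find-IconicsControls
# searches for it by install path (assumed pattern) and feeds it to Set-KillBit.

function Find-IconicsControls {
    # Enumerate registered in-process COM servers whose DLL path looks like an
    # ICONICS/GENESIS32 install (assumed pattern; adjust for your environment).
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = Get-ItemProperty -Path "Registry::$($_.Name)\InprocServer32" -ErrorAction SilentlyContinue
            if ($server -and $server.'(default)' -match 'ICONICS|GENESIS32') {
                [pscustomobject]@{ CLSID = $_.PSChildName; Server = $server.'(default)' }
            }
        }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Compatibility Flags 0x400 = kill bit: IE refuses to instantiate the control (KB 240797).
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"  # 32-bit controls on x64
    )
    foreach ($p in $paths) {
        New-Item -Path $p -Force | Out-Null
        New-ItemProperty -Path $p -Name 'Compatibility Flags' -PropertyType DWord -Value 0x400 -Force | Out-Null
    }
}

function Disable-ActiveXInZone {
    param([int]$Zone = 3)   # 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites
    # Per-user IE zone settings; value 3 = Disable, 1 = Prompt, 0 = Enable.
    $base = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $settings = @{
        '1001' = 3   # Download signed ActiveX controls
        '1004' = 3   # Download unsigned ActiveX controls
        '1200' = 3   # Run ActiveX controls and plug-ins
        '1201' = 3   # Initialize and script ActiveX controls not marked as safe for scripting
    }
    foreach ($k in $settings.Keys) {
        Set-ItemProperty -Path $base -Name $k -Type DWord -Value $settings[$k]
    }
}

Disable-ActiveXInZone -Zone 3
Disable-ActiveXInZone -Zone 4
Find-IconicsControls | Tee-Object -Variable found | Format-Table
$found | ForEach-Object { Set-KillBit -Clsid $_.CLSID }
```

Caveat: the kill bit stops Internet Explorer (and anything hosting the IE engine) from loading the control everywhere, including any GENESIS32 WebHMI thin-client pages that legitimately rely on it, so review the list printed by Find-IconicsControls and test on one workstation before rolling out. Office does not honour IE zone settings; block ActiveX in documents separately through the Office Trust Center (ActiveX Settings).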
Schedule — requires maintenance window
Applying Office and Internet Explorer updates may require a workstation reboot; plan for process interruption
HARDENING · Keep Microsoft Office and Internet Explorer at the latest security update level so that the browser-side and document-side ActiveX protections are current
Mitigations - no patch available
GENESIS32 8.0, 8.02, 8.04, and 8.05 have reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING · Implement network segmentation to isolate HMI and engineering workstations from general corporate networks
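At the host level, segmentation for this particular attack path means the engineering workstation should not be able to fetch arbitrary web content at all. The following is an added example (not from the advisory) of a default-deny outbound policy in Windows Firewall with an allow list for approved destinations; the addresses and rule names are placeholders. Note that Windows Firewall evaluates Block rules before Allow rules, so "block everything except these hosts" cannot be expressed as a broad Block rule plus narrow Allow rules; the profile's default outbound action must be set to Block instead.

```powershell
# Added example (not from the advisory): default-deny outbound web access from an
# engineering workstation, allowing only approved hosts. Run as Administrator.
# ASSUMPTION: the addresses below are placeholders for your own patch/WSUS, DNS
# and historian/SCADA servers; built-in Core Networking allow rules stay in effect.
$approvedWeb = @('10.10.20.5', '10.10.20.6')   # assumed: WSUS and internal documentation server
$dnsServers  = @('10.10.10.2', '10.10.10.3')   # assumed: control-network DNS

# Default outbound action becomes Block; only explicit Allow rules pass traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

New-NetFirewallRule -DisplayName 'EWS: allow web to approved hosts' -Direction Outbound `
    -Protocol TCP -RemotePort 80,443 -RemoteAddress $approvedWeb -Action Allow

New-NetFirewallRule -DisplayName 'EWS: allow DNS to control-network resolvers' -Direction Outbound `
    -Protocol UDP -RemotePort 53 -RemoteAddress $dnsServers -Action Allow

# Log dropped outbound connections so that blocked browsing attempts are visible to SOC.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Review what will now be blocked before leaving the maintenance window.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked
```

Before enabling this on a production HMI, inventory every outbound flow the workstation needs (OPC/OPC UA to servers, Active Directory, time sync, licensing) and add allow rules for each; a default-deny policy applied blind will interrupt the process just as surely as the attacker would.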
CVEs (1)