Serious hole in critical-infrastructure software

This is not a typical post for SoftElegance’s blog but the information provided below could be critical-important for our customers. Major part came from Oil and Gas, Manufacturing industries.

u.s. department of homeland security logo

“The U.S. government is warning critical-infrastructure operators of a serious hole in software used in oil and gas; water; electric utilities; and manufacturing plants around the world.”

“This vulnerability requires moderate skill to exploit,” the warning said.

Based on CNET post.

The stack overflow vulnerability affects the Genesis32 supervisory control and data acquisition (SCADA) and BizViz software sold by ICONICS, according to an advisory (PDF) released yesterday by the Department of Homeland Security’s ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). ICONICS has issued a patch to close the hole, which could allow an attacker to remotely execute code and take control of the computer.

Meanwhile, an exploit targeting the vulnerability was publicly available, the advisory said. To be successful, an attacker would need to use social engineering to lure a user with the “GenVersion.dll” (dynamic-link library) ActiveX control installed to visit a Web page that hosts malicious JavaScript. The dynamic-link library is a component of WebHMI (human machine interface) used in the ICONICS software, according to the advisory, which cited a report by researchers at Security-Assessment.

Security issues with software used to monitor and control critical-infrastructure systems are cropping up more and more as those systems adopt Web-based technologies that provide channels into previously isolated networks.


Use Custom Software Development for your business-critical processes.

Leave a Reply

Your email address will not be published. Required fields are marked *