The ICONICS software, widely deployed in industrial SCADA systems across the globe, has been found vulnerable to attacks that enable privilege escalation, DLL hijacking, and the modification of critical system files. A total of five vulnerabilities have been identified, each with the potential to lead to the complete compromise of affected systems.
Security experts from Palo Alto Networks uncovered these flaws in versions 10.97.2 and 10.97.3, with indications that earlier releases may also be susceptible. Although the vendor has already issued patches, internet scans have revealed several dozen ICONICS servers that remain exposed and accessible online.
According to researchers, without timely updates and protective measures, these vulnerabilities could facilitate privilege escalation, denial-of-service attacks, and, in certain cases, total system compromise. The identified issues have been assigned CVSS scores ranging from 7.0 to 7.8, underscoring their high severity.
ICONICS SCADA systems are extensively utilized in critical sectors, including government, defense, manufacturing, water supply, and energy infrastructure. Prominent users of the software include power generation facilities, airports, gas plants, and major corporations such as Amazon, IBM, and Hewlett-Packard.
Some of the discovered vulnerabilities stem from outdated components. For instance, CVE-2024-7587 is linked to default configurations within the GenBroker component, which facilitates communication with industrial systems. Legacy 32-bit versions of GenBroker are particularly vulnerable to privilege escalation attacks, yet the company continues to recommend their use despite the availability of a more secure 64-bit alternative.
Another flaw, CVE-2024-1182, is associated with an obsolete SDK used for SMS notifications (Derdack’s Message Master), which has not been supported for over 15 years but remains embedded in the ICONICS AlarmWorX MMX module. As a result, systems relying on SMS alerts are especially susceptible to exploitation.
The remaining three vulnerabilities affect the latest versions of Genesis64 and GenBroker64, allowing for DLL hijacking, lateral movement within trusted network connections, and the circumvention of security mechanisms.
As of now, ICONICS has not issued an official statement regarding these security flaws, their impact on earlier software versions, or the company’s mitigation strategies. Experts strongly advise organizations to apply the available updates immediately and conduct comprehensive audits of vulnerable systems to mitigate potential risks.