
Critical SCADA Flaws Enable Attackers to Trigger DoS and Escalate Privileges


A recent security assessment by Palo Alto Networks’ Unit 42 has uncovered multiple vulnerabilities in the ICONICS Suite, a widely used Supervisory Control and Data Acquisition (SCADA) system.

These vulnerabilities, identified in versions 10.97.2 and earlier for Windows platforms, pose significant risks to critical infrastructure sectors such as government, military, manufacturing, water and wastewater, and utilities & energy.

The vulnerabilities include DLL hijacking, incorrect default permissions, and uncontrolled search path elements, which can lead to denial-of-service (DoS) conditions, privilege escalation, and full system compromise.

Figure: MMXCall_in – libsrlmt.dll DLL hijacking.

Vulnerability Details

The identified vulnerabilities include CVE-2024-1182, CVE-2024-7587, CVE-2024-8299, CVE-2024-8300, and CVE-2024-9852.

One of the most critical issues is the DLL hijacking vulnerability in the Memory Master Configuration (MMCFG) module, which allows attackers to elevate privileges by substituting legitimate DLL files with malicious ones.

This can result in arbitrary code execution, system integrity compromise, and persistent attacker access.

Additionally, the incorrect default permissions vulnerability in GenBroker32 grants every user on the system access to critical directories, exposing sensitive files to potential manipulation.

The vulnerabilities in ICONICS GENESIS64, including dead code and uncontrolled search path elements, further exacerbate the risk by allowing local authenticated attackers to execute malicious code.

Figure: Contents of the directory C:\ProgramData\ICONICS.

These vulnerabilities can be exploited to achieve persistence, stealth, and trust relationship abuse, making them particularly dangerous in operational technology (OT) environments.

ICONICS has collaborated with Unit 42 to release security patches and advisories to mitigate these issues.

Mitigation and Protection

To safeguard against these vulnerabilities, organizations can leverage solutions like Palo Alto Networks’ Industrial OT Security, which integrates with Next-Generation Firewalls to detect and prevent malicious activities.

Cortex XDR and XSIAM can detect known and novel DLL hijacking attacks, while Cortex Cloud and Xpanse provide additional layers of protection by identifying malware and exposed OT services.

Proactive measures, including regular security assessments and patching, are crucial to prevent exploitation of these vulnerabilities and ensure the security of critical infrastructure.
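As a concrete form of the "regular security assessment" recommended above, the following PowerShell script audits an application directory for the two conditions that make DLL hijacking and the incorrect-default-permissions flaw exploitable: directories that broad principals (Everyone, Users, Authenticated Users) can write to, and DLLs inside them that are unsigned or carry an invalid signature. This is an added example written for this article, not code from Unit 42, Palo Alto Networks or ICONICS. The only page-specific value it uses is the C:\ProgramData\ICONICS path from the screenshot caption; the list of principals treated as "broad" and the set of rights treated as write-capable are this script's own assumptions.

```powershell
# Added example (not from Unit 42 or ICONICS): audit a directory tree for
# write access held by broad principals, then list the DLLs in it with their
# Authenticode status. Assumption: the default $Path is taken from the article's
# screenshot caption; the principal list and rights mask are this script's choice.
param(
    [string]$Path = 'C:\ProgramData\ICONICS'
)

# Principals that should not normally hold write rights on an application directory
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow creating or replacing files, the precondition for planting a DLL
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, CreateFiles, Delete'

function Get-BroadWriteAces {
    # Returns one object per Allow ACE on $Target that grants a broad principal write rights
    param([string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    foreach ($ace in $acl.Access) {
        $isAllow  = $ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $isBroad  = $BroadPrincipals -contains $ace.IdentityReference.Value
        $canWrite = ($ace.FileSystemRights -band $WriteRights) -ne 0
        if ($isAllow -and $isBroad -and $canWrite) {
            [pscustomobject]@{
                Path      = $Target
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# 1. Walk the tree (root included) and report every directory a broad principal can write to
$dirs = @(Get-Item -LiteralPath $Path) +
        @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
$findings = @($dirs | ForEach-Object { Get-BroadWriteAces -Target $_.FullName })

if ($findings.Count -eq 0) {
    Write-Output "No broad write ACEs found under $Path"
} else {
    Write-Output "Directories under $Path writable by broad principals:"
    $findings | Format-Table -AutoSize
}

# 2. List DLLs in the tree with their Authenticode status. An unsigned or invalidly
#    signed DLL sitting in a directory flagged above is the combination to escalate.
Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Dll    = $_.FullName
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    } | Format-Table -AutoSize
```

Run it on the ICONICS host from an elevated prompt so every subdirectory's ACL is readable. When reading the output, pay attention to the Inherited column: C:\ProgramData's default ACL already lets Users create files in subfolders, so an inherited Users entry is expected, whereas an explicit (non-inherited) ACE granting Modify or FullControl to Everyone or Users on a directory that holds DLLs is the kind of misconfiguration the GenBroker32 finding describes and the one to fix, for example by removing the ACE and re-checking with the same script after patching.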
