ICS-CERT Updates Iconics Genesis Vulnerabilities

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an advisory on multiple vulnerabilities in the Iconics Genesis HMI-SCADA products. This advisory provides updated information on the 13 vulnerabilities reported by Luigi back in March as well as providing information on a newly reported vulnerability discovered by a reader of this blog, Joel Langill of SCADAHacker.

Joel was a co-author of a white paper on the Genesis vulnerabilities that I reported on last month. He also discovered that a bundled component of the Genesis system made that system vulnerable to the vulnerability identified in (CVE-2007-6483) the SafeNet Sentinel License Monitor service. Note that this general vulnerability was first identified in 2007 yet is just now being reported in this product.

Iconics has verified all 14 vulnerabilities and has published a software update that addresses the identified problems. Additionally ICS-CERT recommends the following additional mitigation measures:

• Use a firewall to restrict unnecessary or unwanted traffic, specifically to the affected Ports 38080/TCP and 6002/TCP.

• If an intrusion detection system (IDS) is used, update to the latest IDS signatures.

• Minimize exposure of vulnerable systems to external networks. If remote access is required, use secure methods such as Virtual Private Networks (VPNs).