# Full Report
The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise. The post Multiple vulnerabilities found in ICONICS industrial SCADA software appeared first on CyberScoop.
# Analysis Summary
# Vulnerability: Multiple Flaws in ICONICS SCADA Software Leading to Compromise
## CVE Details
The article mentions one specific CVE, though it refers to a suite of five vulnerabilities found by Palo Alto Networks.
- CVE ID: CVE-2024-7587 (and four others)
- CVSS Score: Between 7.0 and 7.8 (Medium to High severity range for the disclosed flaws)
- CWE: Not explicitly stated, but weaknesses include flaws related to DLL hijacking and file tampering.
## Affected Systems
- Products: ICONICS SCADA software suite.
- Versions: Versions 10.97.2, 10.97.3, and possibly earlier versions.
- Configurations: The article specifically notes that older 32-bit versions of the GenBroker component are vulnerable to privilege escalation when communicating via OT protocols (OPC, Modbus, BACnet).
## Vulnerability Description
A suite of at least five vulnerabilities was discovered in ICONICS SCADA software, which is widely used in critical infrastructure sectors (government, military, manufacturing, water/wastewater, energy). These flaws collectively allow for privilege escalation, DLL hijacking, file modification/tampering, denial of service (DoS), and in specific circumstances, total system compromise. One key vulnerability mentioned (CVE-2024-7587) appears to target the GenBroker tool, which handles communication with legacy Operational Technology (OT) devices, exploiting default settings or insecure reliance on older 32-bit components.
## Exploitation
- Status: Patched, but public internet scans indicate "several dozen" vulnerable servers remain exposed. (Implies exploitation risk remains high due to unpatched systems.)
- Complexity: Not explicitly detailed, but impacts ranging from DoS to system compromise suggest varying complexity. Privilege escalation via DLL hijacking is typically considered medium complexity.
- Attack Vector: Likely Network or Adjacent, given the presence of publicly exposed servers and involvement of connectivity tools like GenBroker.
## Impact
- Confidentiality: High (Potential for full system compromise).
- Integrity: High (Ability to modify critical files).
- Availability: Medium to High (Denial of service possible).
## Remediation
### Patches
- Patches are available, as the vulnerabilities have been "since-patched" by ICONICS following discovery by Palo Alto Networks. Specific patch versions are not detailed in this summary.
### Workarounds
- Details on specific workarounds are not provided in the source text, but researchers noted that systems *without* workarounds or remediations are fully exposed.
## Detection
- Indicators of Compromise (IoCs): Not explicitly listed in this summary, but potential IoCs would relate to unauthorized file modifications, unexpected process execution, or privilege escalation events within the SCADA environment utilizing ICONICS components.
- Detection Methods and Tools: Monitoring for known communication patterns exploited by the GenBroker flaws or using network security monitoring tools to detect suspicious traffic directed at SCADA/OT protocols.
## References
- Vendor Advisories: Palo Alto Networks Unit 42 researchers published details of the findings.
- Relevant Links:
  - Palo Alto Networks write-up: hXXps://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/