Analysis of the ICONICS GENESIS Security Vulnerabilities for Industrial Control System Professionals

A number of previously unknown security vulnerabilities in the ICONICS™ GENESIS32™ and GENESIS64™ ICS/SCADA products have been publicly disclosed.

This White Paper documents the currently known facts about these vulnerabilities. It then summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.

Of concern to the SCADA and industrial control systems (ICS) community is the fact that, though these vulnerabilities may initially appear to be trivial, a more experienced attacker can exploit them to gain initial system access and inject additional payloads and potentially malicious code.

At a minimum, all of the vulnerabilities can be used to forcefully crash a system server, causing a denial-of-service condition. What makes these vulnerabilities difficult to detect and prevent is that they expose the core communication application within the GENESIS platform, which is used to manage communication between various clients and services.

GENESIS64 and GENESIS32 are trademarks of ICONICS Inc.

Authors:

Eric Byres, CTO, Byres Security Inc.
Joel Langill, CSO, SCADAhacker.com

Important Note:

To download this White Paper you must register to become a member of tofinosecurity.com, the official Tofino Security site for the Tofino Industrial Security Solution. When you do this, your information will be shared with SCADAHacker.com. This is an exception to the regular Privacy Policy for this website.

Download the White Paper

PDF Analysis of the ICONICS GENESIS Security Vulnerabilities for Industrial Control System Professionals (157kb)