ActiveX Flaw Affecting SCADA systems
Last Updated: 2011-05-12 13:03:43 UTC
by Johannes Ullrich (Version: 1)
Grey, maybe black and rack mounted, with a digital LED (orange?) display showing a number that may change once in a while. That's how most people probably envision SCADA systems, the automated controls that make civilization possible. After all, that's what it looked like in Dr. Evil's lair and this is about as close as most of us will ever come to these systems. Who knew that what we really have is PCs, running Windows, and systems programed to take advantage of ActiveX and browser controlls. While you are running the latest version of "Power Plant Sim" in one browser window on Facebook, your other window is controlling the real thing.
US-CERT (actually the part of it called the "ICS-CERT", or the "Industrial Control System Cyber Emergency Response Team"") alerted its constituency that a commonly used set of ActiveX controls is vulnerable to a good old stack overflow. Stack overflows are not all that hard to exploit typically, and it doesn't come as a big surprise that according to ICS-CERT, an exploit is publicly available.
If you are running a power plant, a refinery or any other system using ICONICS' GENESIS32 and BizViz software, stop playing on Facebook for a while and please patch your plant.
Johannes B. Ullrich, Ph.D.
SANS Technology Institute