Threat Level: green Handler on Duty: Tom Webb

SANS ISC: ActiveX Flaw Affecting SCADA systems - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ActiveX Flaw Affecting SCADA systems

Grey, maybe black and rack mounted, with a digital LED (orange?) display showing a number that may change once in a while. That's how most people probably envision SCADA systems, the automated controls that make civilization possible. After all, that's what it looked like in Dr. Evil's lair and this is about as close as most of us will ever come to these systems. Who knew that what we really have is PCs, running Windows, and systems programed to take advantage of ActiveX and browser controlls. While you are running the latest version of "Power Plant Sim" in one browser window on Facebook, your other window is controlling the real thing.

US-CERT (actually the part of it called the "ICS-CERT", or the "Industrial Control System Cyber Emergency Response Team"") alerted its constituency that a commonly used set of ActiveX controls is vulnerable to a good old stack overflow. Stack overflows are not all that hard to exploit typically, and it doesn't come as a big surprise that according to ICS-CERT, an exploit is publicly available.

If you are running a power plant, a refinery or any other system using ICONICS' GENESIS32 and BizViz software, stop playing on Facebook for a while and please patch your plant.

http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019

Johannes

3533 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!