Multiple SCADA Vulnerabilities Let Attackers Trigger DoS & Elevate Privileges

Multiple critical vulnerabilities in ICONICS SCADA systems, which are widely deployed across government, military, manufacturing, and utility sectors, were recently uncovered by researchers from Palo Alto Networks' Unit 42. The vulnerabilities affect the ICONICS Genesis64 suite, which establishes connectivity with operational technology (OT) device protocols including BACnet and Modbus, while facilitating communication with OPC servers. The security flaws, discovered in ICONICS Suite versions 10.97.2 and 10.97.3 for Windows platforms, could enable attackers to escalate privileges, trigger denial-of-service conditions, and potentially achieve full system compromise if left unpatched.

When users install the GenBroker32 utility, it triggers permission changes in critical directories containing key binaries and configuration files for the ICONICS Suite. The Palo Alto Networks researchers showed how the installation modifies the access control list for C:\ProgramData\ICONICS, granting every logged-on user on the system full access rights to critical configuration files, which could allow attackers to hijack system components.

A second flaw concerns DLL loading. When a user initiates an ANSI modem, it starts the Memory Master configuration tool (MMCfg.exe). During execution, this tool attempts to load a file named REVERB1.dll without a proper path specification. If the DLL isn't found in system directories, the application searches the current working directory, so an attacker who can place a malicious DLL there can achieve arbitrary code execution with elevated privileges.
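As an added defender-side check (not code from the article or from Unit 42), the following PowerShell script audits the access control list of the directory named above and reports any Allow entry that gives a broad principal write-capable rights, which is the condition the article describes. The directory path comes from the article; the principal list, the function name Test-IconicsAcl and the generic-rights handling are assumptions of this example.

```powershell
# Added example, not part of the article: read-only ACL audit of the
# ICONICS data directory. Run from an elevated prompt on the ICONICS host.

$Path = 'C:\ProgramData\ICONICS'   # directory named in the article

# Principals that in practice mean "every logged-on user" (assumed list).
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow planting or replacing files (config, DLLs).
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::FullControl -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                     [System.Security.AccessControl.FileSystemRights]::AppendData)
# Some inherited ACEs carry raw generic bits instead of specific rights.
$GenericWrite = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Test-IconicsAcl {
    param([string]$Directory = $Path)

    if (-not (Test-Path -LiteralPath $Directory)) {
        Write-Warning "$Directory not present; ICONICS may not be installed here."
        return @()
    }
    $acl = Get-Acl -LiteralPath $Directory
    $findings = foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }   # Deny rules narrow access
        $who = $rule.IdentityReference.Value
        if ($BroadPrincipals -notcontains $who) { continue }
        $rights = [int]$rule.FileSystemRights
        if ((($rights -band $WriteRights) -eq 0) -and (($rights -band $GenericWrite) -eq 0)) { continue }
        [pscustomobject]@{
            Path      = $Directory
            Principal = $who
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
    return ,@($findings)
}

$results = Test-IconicsAcl
if ($results.Count -eq 0) { "No broad write access found on $Path" }
else { $results | Format-Table -AutoSize }
```

Any row in the output is a directory that unprivileged users can modify; compare it against the vendor's patched permissions before changing anything, since the script only reads the ACL.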
Palo Alto Networks customers are protected through various security products including Industrial OT Security, Cortex XDR, XSIAM, and Cortex Xpanse.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 15:40:11 +0000

