Multiple vulnerabilities found in ICONICS industrial SCADA software | CyberScoop<\/title> <meta name=\"description\" content=\"A set of ICONICS SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/iconics-scada-vulnerabilities-2025-palo-alto\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Multiple vulnerabilities found in ICONICS industrial SCADA software\"> <meta property=\"og:description\" content=\"A set of ICONICS SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/iconics-scada-vulnerabilities-2025-palo-alto\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-03-10T20:13:21+00:00\"> <meta property=\"article:modified_time\" content=\"2025-03-10T20:13:23+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg\"> <meta property=\"og:image:width\" content=\"2384\"> <meta property=\"og:image:height\" content=\"1257\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1741103813g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83796\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83796\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ficonics-scada-vulnerabilities-2025-palo-alto%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ficonics-scada-vulnerabilities-2025-palo-alto%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83796 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/iconics-scada-vulnerabilities-2025-palo-alto\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.27147766323\">\n<div class=\"single-article__header-content\" readability=\"35.542288557214\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/iconics-scada-vulnerabilities-2025-palo-alto\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83796\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"338\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software.jpg?resize=640%2C338&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg 2384w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=300,158 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=768,405 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=1024,540 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=1536,810 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=2048,1080 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=600,316 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=1200,633 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-2.jpg?resize=1500,791 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise. (Image Credit: AndreyPopov via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"45.431619256018\"><body readability=\"92.188076827139\"><\/p>\n<p>A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files.<\/p>\n<p>The vulnerabilities were found within a suite of software made by ICONICS, which claims on its website that its SCADA software is embedded in \u201chundreds of thousands of installations running in over 100 countries worldwide and running in over 70 percent of Global 500 companies.\u201d<\/p>\n<p>The flaws, which are known to affect versions 10.97.2 and 10.97.3 and possibly earlier versions, were discovered by Palo Alto Networks last year and have since been patched. However, public internet scans have identified \u201cseveral dozen\u201d vulnerable ICONICS servers that remain publicly connected to the internet.<\/p>\n<p>\u201cOn unpatched ICONICS installations without any workarounds or remediations, these vulnerabilities could lead to escalation of privileges, [denial of service] and in specific circumstances, even full system compromise,\u201d <a href=\"https:\/\/unit42.paloaltonetworks.com\/vulnerabilities-in-iconics-software-suite\/\">wrote<\/a> researchers Asher Davila and Malav Vyas.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>All five of the vulnerabilities rate between a 7 and 7.8 on the CVSS severity scale, and include flaws for DLL hijacking, file tampering, denial of service and dead code vulnerabilities.<\/p>\n<p>According to Palo Alto Networks, ICONICS Suite servers are primarily used in the government, military, manufacturing, water and wastewater and energy sectors, and are used for automation, data analysis and industrial Internet of Things cloud integration. On the \u201csuccess stories\u201d section of its website, the company lists as clients dozens of power and wind generation facilities, airports, natural gas plants and localities around the world.<\/p>\n<p>According to <a href=\"https:\/\/enlyft.com\/tech\/products\/iconics\">data<\/a> from business intelligence vendor Enlyft, ICONICS software is used by large businesses like Amazon, IBM, Hewlett-Packard, and the vast majority of its clients are industrial businesses that are based in the United States.<\/p>\n<p>ICONICS did not respond to CyberScoop\u2019s request for comment on remediation, investigation details, and the vulnerabilities\u2019 impact on earlier software versions. <\/p>\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software.png?w=640&ssl=1\" alt><figcaption class=\"wp-element-caption\"> A CVE list of five vulnerabilities affecting ICONICS software discovered by Palo Alto Networks over the past year. (Source: Palo Alto Networks) <\/figcaption><\/figure>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Some of the weaknesses appear to relate to how ICONICS relies on older, less secure versions of other tools and components to make its software interoperable with industrial control systems.<\/p>\n<p>One vulnerability (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-7587\">CVE-2024-7587<\/a>) exploits default settings in how ICONICS software communicates with operational technology. This is done through use of a tool, called GenBroker, that works with legacy implementations of Open Platform Communications servers and other OT device communication protocols like Modbus and BACnet. But older 32-bit versions of GenBroker are vulnerable to privilege escalation attacks. ICONICS recommends using the older, insecure version on its configuration page, even when a more secure, 64-bit version is already installed on the device. <\/p>\n<p>Another vulnerability (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-1182\">CVE-2024-1182<\/a>) used an outdated version of a software development kit for SMS messaging known as Derdack\u2019s Message Master that has \u201cbeen deprecated for approximately 15 years with no ongoing support.\u201d<\/p>\n<p>\u201cWhile no longer maintained, the Message Master SMS SDK is still integrated into the ICONICS Suite AlarmWorX MMX module,\u201d researchers wrote. \u201cThis module is responsible for facilitating SMS and pager alerts. When those applications use Message Master SMS SDK, they are exposed to the underlying vulnerabilities present\u201d in the software.<\/p>\n<p>Newer versions of these tools were not immune to exploitation. The other three vulnerabilities described by Palo Alto Networks all exist within the latest versions of Genesis64 and GenBroker64, allowing for phantom DLL hijacking, lateral movement, abuse of trusted relationships and bypassing endpoint detection and response protections.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/iconics-scada-vulnerabilities-2025-palo-alto\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multiple vulnerabilities found in ICONICS industrial SCADA software | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[578,715,3867,310,643],"tags":[580,720,3868,311,645],"class_list":["post-7435","post","type-post","status-publish","format-standard","hentry","category-industrial-control-systems-ics","category-palo-alto-networks","category-scada","category-technology","category-vulnerabilities","tag-industrial-control-systems-ics","tag-palo-alto-networks","tag-scada","tag-technology","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/industrial-control-systems-ics\/\" rel=\"category tag\">industrial control systems (ICS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/scada\/\" rel=\"category tag\">SCADA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7435"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7435\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7435,"date":"2025-03-10T15:13:21","date_gmt":"2025-03-10T20:13:21","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83796"},"modified":"2025-03-10T15:13:21","modified_gmt":"2025-03-10T20:13:21","slug":"multiple-vulnerabilities-found-in-iconics-industrial-scada-software","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/03\/10\/multiple-vulnerabilities-found-in-iconics-industrial-scada-software\/","title":{"rendered":"Multiple vulnerabilities found in ICONICS industrial SCADA software"},"content":{"rendered":"