Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: ActiveX Flaw Affecting SCADA systems - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ActiveX Flaw Affecting SCADA systems

Grey, maybe black and rack mounted, with a digital LED (orange?) display showing a number that may change once in a while. That's how most people probably envision SCADA systems, the automated controls that make civilization possible. After all, that's what it looked like in Dr. Evil's lair and this is about as close as most of us will ever come to these systems. Who knew that what we really have is PCs, running Windows, and systems programed to take advantage of ActiveX and browser controlls. While you are running the latest version of "Power Plant Sim" in one browser window on Facebook, your other window is controlling the real thing.

US-CERT (actually the part of it called the "ICS-CERT", or the "Industrial Control System Cyber Emergency Response Team"") alerted its constituency that a commonly used set of ActiveX controls is vulnerable to a good old stack overflow. Stack overflows are not all that hard to exploit typically, and it doesn't come as a big surprise that according to ICS-CERT, an exploit is publicly available.

If you are running a power plant, a refinery or any other system using ICONICS' GENESIS32 and BizViz software, stop playing on Facebook for a while and please patch your plant.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
May 12th 2011

Sign Up for Free or Log In to start participating in the conversation!