
Vulnerable ICONICS SCADA software still prevalent despite patches


Dozens of internet-exposed ICONICS Suite SCADA servers — which are commonly used by manufacturing, energy, water and wastewater, government, and military entities — remained vulnerable to attacks exploiting five high-severity flaws months after patches were released, according to CyberScoop.

A pair of the vulnerabilities, tracked as CVE-2024-7587 and CVE-2024-1182, stemmed from ICONICS' use of outdated tools and components for industrial control system interoperability. The other three, tracked as CVE-2024-8299, CVE-2024-8300, and CVE-2024-9852, affect the latest iterations of its tools and could be leveraged to facilitate phantom DLL hijacking and lateral movement while circumventing endpoint detection and response systems, a report from Palo Alto Networks Unit 42 threat researchers revealed.

"On unpatched ICONICS installations without any workarounds or remediations, these vulnerabilities could lead to escalation of privileges, [denial of service] and in specific circumstances, even full system compromise," said Unit 42 researchers.

More information regarding the security flaws and their remediation was not provided by ICONICS.
