May 13, 2011

US companies in the electricity, oil and gas, manufacturing and water treatment sectors have been warned remote software can control industrial systems

US-CERT Warns of Serious Hole In ActiveX Control From Iconics
"The US's Computer Emergency Response Team (CERT) issued a warning (PDF) to critical infrastructure firms on Wednesday about a serious security hole in products from Massachusetts firm Iconics that could leave critical systems vulnerable to remote attacks. US companies in the electricity, oil and gas, manufacturing and water treatment sectors have been warned about a flaw in an ActiveX control used in two products by Iconics. The software, Genesis32 and BizViz, are Human-Machine Interface (HMI) products that provide a graphical user interface to various types of industrial control systems. The software can control industrial systems used for a variety of purposes including manufacturing, building automation, oil and gas, water and waste water treatment, among other applications."