Summary: ICONICS SCADA software, used globally in critical infrastructure, has been found to contain at least five vulnerabilities allowing for privilege escalation, DLL hijacking, and modification of critical files. Despite patches being released, numerous servers remain exposed on the public internet. The vulnerabilities primarily affect versions 10.97.2 and 10.97.3, posing serious risks to key sectors including government and manufacturing.
Affected: ICONICS SCADA software systems
Keypoints :
- Five vulnerabilities rated between 7 and 7.8 on the CVSS severity scale related to privilege escalation, denial of service, and file tampering.
- Vulnerabilities were discovered by Palo Alto Networks and have been patched, but numerous installations remain exposed online.
- Specific vulnerabilities exploit outdated or insecure components integrated with ICONICS software, including legacy tools and software development kits.
Source: https://cyberscoop.com/iconics-scada-vulnerabilities-2025-palo-alto/