• A vulnerability in the Iconics Suite SCADA system (CVE-2025-0921) allows privilege escalation via unnecessary file system operations.
• Exploitation can corrupt critical binaries, leading to denial-of-service and compromise of system integrity.
• Affects Iconics Suite versions 10.97.2 and earlier for Microsoft Windows.
• Iconics has released an advisory; applying the workaround removes all reported vulnerabilities.
• Palo Alto Networks OT Device Security protects customers with integrated NGFW services.
• The Unit 42 Incident Response team is available for urgent assistance and investigation.
Article Summaries:
- Summary
A new vulnerability (CVE-2025-0921) has been identified in Iconics Suite, a supervisory control and data acquisition (SCADA) system used across the automotive, energy, and manufacturing sectors. The flaw allows attackers to perform privileged file-system operations in affected versions of Iconics Suite for Microsoft Windows (10.97.2 and earlier), potentially elevating privileges to corrupt critical binaries and trigger a denial-of-service condition. The issue carries a Medium CVSS score of 6.5. Iconics has issued an advisory with a workaround that eliminates all reported vulnerabilities. Palo Alto Networks' OT Device Security can help protect customers, and the Unit 42 Incident Response team is available for suspected compromises.