On March 21, 2011, US-CERT issued a series of alerts regarding possibly vulnerabilities in four companies' SCADA software products, based upon the work of an independent researcher. One alert discussed possible vulnerabilities in ICONICS' GENESIS32™ and GENESIS64™ products.
ICONICS takes this alert very seriously and in cooperation with US-CERT is investigating the issues raised in the alert, as well as whether any further action is required.
ICONICS recommends that control system devices and servers should not directly face the Internet and should be located behind secure firewalls. If remote access is required, secure methods, such as Virtual Private Networks (VPNs) should be employed.
ICONICS is not aware of any instance in which an ICONICS SCADA system has been compromised by unauthorized access.