CVE-2025-11774

Critical | Proof-of-Concept

ICONICS Suite Command Injection

CVSS v3.1 Base Score: 9.8

Critical severity — Immediate action required

AV: Network | AC: Low | Auth: Required

Critical command injection in the ICONICS GENESIS64 suite. ICONICS is a major SCADA/HMI platform used in building automation, energy, and manufacturing. Exploitation requires admin authentication but achieves full OS-level code execution. ICONICS servers often manage multiple OT subsystems, making compromise high-impact.

Status: Proof-of-Concept
Complexity: Low
Auth Required: Yes
Initial Access: Authenticated access to ICONICS web management interface

Known Techniques
  • Command injection via configuration parameter in web management API
  • OS command execution via unsanitized database connection string fields
  • Reverse shell via injected PowerShell commands in configuration
Published: 2025-03-10
Modified: 2025-03-25
Vendor: ICONICS
CWE: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
Risk Summary
Overall Risk: High
Exploitation: Proof-of-Concept
Detection: Medium coverage
Detection Rate: 85%
Rules Available: 2