ICONICS Targeted in Ethical Hacking Competition

ICONICS was one of several companies targeted in the Pwn2Own Miami 2022 competition sponsored by the Zero Day Initiative. ICONICS was pleased to have the opportunity to participate again in this year's event. This statement addresses our commitment to openly and transparently addressing the findings from the event.

Security Update | Published: 4/28/2022

Foxborough, MA – April 28, 2022 – ICONICS, Inc., a group company of Mitsubishi Electric Corporation, was one of nine companies whose software components and platforms were targeted in the Pwn2Own Miami 2022 competition sponsored by the Zero Day Initiative. ICONICS was pleased to have the opportunity to participate again in this year's event. This statement addresses our commitment to openly and transparently addressing the findings from the event.

Across our industry, we all have a responsibility and duty of care to help customers deploy secure automation systems. Addressing security vulnerabilities is an ongoing challenge. ICONICS is committed to doing everything that we can to provide our customers with the most secure software possible. Participating in Pwn2Own and similar events is one of the many approaches we take to test the security of our software.

At this year’s Pwn2Own event, the teams selected software from nine different vendors to target. Vulnerabilities were found in all of them, including GENESIS64. At ICONICS, we're thankful that these items were brought to light. We strive to always be on top of software security by employing the latest techniques in secure development, and we are continuously checking for weaknesses.

We know that customers have certain environmental restrictions and simplification demands that in some cases have led them to deploy their systems in a less secure way. We urge all customers to review their ICONICS configurations on an ongoing basis and to re-examine their entire infrastructure when connecting their systems across networks or to the cloud.

We want to reassure our customers and partners of our commitment to security. We take responsibility for any gaps that are found by our own teams or at events like Pwn2Own. We are currently working on fixes to the recent findings and will make those fixes available as soon as possible. We will communicate directly with customers as soon as the fixes are available and encourage them to update their installed systems to minimize their risk. We also provide guidelines to our customers on how to deploy our software to minimize their security risk.

We have a tremendous appreciation for what the ZDI and Pwn2Own have done to increase awareness about the importance of industrial control system security. We are thankful for the opportunity to participate in this event that gave the world's best security experts a stage (with incentive and motivation) to uncover new vulnerabilities in a responsible and ethical way. It confirms that the investments we continue to make to improve the security of our products are valuable to our customers. For additional information about our work in the security area, please contact us and/or visit our blog post.

About ICONICS
ICONICS is headquartered in Foxborough, Massachusetts and is a global software developer of visualization, HMI, SCADA, and energy solutions. With installations running in over 100 countries worldwide and over 70 percent of Global 500 companies, ICONICS software is recommended for automating, monitoring, and optimizing a customer's most critical assets. ICONICS offers competitive software products for various business sectors, such as manufacturing, industrial and building automation, and it possesses advanced technology and remarkable industry leading knowledge in the development of industrial software. ICONICS was named finalist by Microsoft in 2021 as Sustainability Changemaker Partner of the Year and has been recognized ten times for a Microsoft Partner of the Year award.