The worst of the bugs were found in the product’s encryption implementation, which Claroty researchers leveraged to attack the CodeMeter communication protocol and internal API in order to remotely communicate with, and send commands to, any machine running CodeMeter.

OT Networks at Risk for Complete Takeover

The Industrial Control System Computer Emergency Response Team (ICS-CERT) today also issued an advisory about these vulnerabilities and collectively assigned them a CVSS score of 10.0, the highest criticality rating available.
Technical details on the vulnerabilities, as well as details about how Claroty uncovered these flaws, are available in a paper released today, titled “License to Kill: Leveraging License Management to Attack ICS Networks.” Wibu-Systems has made patches available for all of the flaws in version 7.10a of CodeMeter, which has been available since Aug. 11; many of the affected vendors have been notified and have added, or are in the process of adding, the fixes to their respective installers. Claroty has built an online utility that will help users determine whether they are running a vulnerable version of CodeMeter.
Customers of these and other affected companies who operate in numerous industries, including medical device makers, automakers, manufacturers, process designers, and many others, could be unaware this vulnerable component is running in their environment. Other vendors are expected to confirm as well; Claroty has published a list of affected vendors that will be updated periodically.
Serious encryption implementation issues, also discovered by Claroty, can be exploited to allow attackers to execute code remotely, and move laterally on OT networks. CodeMeter is widely used by many of the leading ICS software vendors, including Rockwell Automation and Siemens, both of whom confirmed in advisories they are affected by these flaws. These flaws can be exploited via phishing campaigns or directly by attackers who would be able to fingerprint user environments in order to modify existing software licenses or inject malicious ones, causing devices and processes to crash. Six critical vulnerabilities have been uncovered by Claroty researchers in Wibu-Systems’ CodeMeter third-party license management component that could expose users in numerous industries to takeover of their operational technology (OT) networks.