Cybersecurity specialists detected at least six vulnerabilities in CodeMeter, a set of solutions developed by Germany-based Wibu-Systems. According to the report, successful exploitation of these failures could expose multiple industrial products and systems to severe safety risks.
CodeMeter’s main job is to protect industrial systems from hacking and reverse engineering attempts, as well as to provide license management for protection against other cyberattack variants.
Because CodeMeter supports a wide range of industrial applications, controllers, and even Internet of Things (IoT) devices, the scope of a potential attack is considerable. CodeMeter also inherited some problems from WibuKey, a DRM solution widely used for Siemens industrial products that also had continuous failures.
The report, prepared by security firm Claroty, mentions that some of the flaws could be exploited to launch attacks on critical industrial control systems, disrupting processes, installing ransomware or even running additional exploits. Researchers reported this finding to CodeMeter in February 2019, although updates were released at different times over the past year. CodeMeter version 7.10 contains all the necessary patches.
Claroty has reported many other flaws found in CodeMeter, including multiple memory corruption errors, encryption failures, and other weaknesses that allow you to deploy denial of service (DoS) attacks, arbitrary code execution, among other attacks. In the report, researchers detail a possible attack scenario that requires a threat actor to configure a malicious website to send a malicious license to the target user. When processing this license, CodeMeter generates a DoS condition.
Previously, the Agency for Cybersecurity and Infrastructure Security (CISA) also published a report on these failures, alerting industrial environments with implementations of Rockwell Automation, Schneider Electric, Siemens and Wago.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.