
OT networks warned of vulnerabilities in CodeMeter software

16 Sep 2020

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.

CodeMeter enables software makers to define licences for their products. It also provides encryption services, anti-tampering protection and technology intended to prevent reverse engineering. The software is found in many products used in industrial environments.

Previous CodeMeter versions contain several vulnerabilities that, if exploited, could allow attackers to take control of operational technology (OT) networks.

Flagged by security firm Claroty, the CodeMeter vulnerabilities could be exploited through phishing emails or directly through the solution. This could result in software licence modification, and incidents that could cause systems to crash. Attackers could also execute code remotely and move laterally through networks.

A convincing phishing attempt could be as simple as tricking an engineer into visiting the attacker’s website, which then infects a machine with malware or exploits. Once that machine is connected to an OT network, attackers could quickly gain access.

Documented vulnerabilities include CVE-2020-14519 which relates to CodeMeter’s WebSocket. It could allow attackers to inject modified or forged valid licenses. CVE-2020-14515 could allow attackers to bypass digital signatures and replace them with their own licenses, and CVE-2020-14513 could be exploited to cause devices and systems to crash, leading to a denial of service situation.

“The vulnerabilities described allow an attacker that is either performing a phishing campaign, or one that already has network access to engineering stations and HMIs in critical environments to completely take over those hosts running ICS software from many of the leading vendors,” Claroty states.

“This means the attacker may impact and modify physical processes (as was done in the Triton attacks using Industroyer) or install ransomware, as was alleged in the recent incident affecting Japanese automaker Honda, and effectively take down the ICS environment.”

Wibu-Systems has included patches in CodeMeter version 7.10. Organisations should update to this version as soon as possible.

Further, Claroty states that many of the affected vendors have been notified and have added, or are in the process of adding, the fixes to their respective installers.

Organisations should also block TCP port 22350 (the CodeMeter network protocol) on their border firewall, so that the vulnerabilities cannot be exploited from outside the network.

Further, organisations should contact their vendors to find out if they support manual CodeMeter software upgrades that enable the upgrade of third-party components rather than the entire stack.
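As an added example (not from the article or from Claroty), a small POSIX shell check that a defender can run on an engineering station to see whether CodeMeter's TCP port 22350 is listening on a network-reachable address, which is the exposure the firewall advice above is meant to cover. The sample socket listing is constructed in the style of `ss -Hltn` output; on a real host, pipe the live output of that command into the function instead.

```shell
# Constructed sample in the format of `ss -Hltn` (State Recv-Q Send-Q Local Peer).
# Not captured from a real machine; the first line models an exposed CodeMeter listener.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22350 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# codemeter_exposed: read ss-style lines on stdin and print every local socket that
# listens on TCP 22350 on a non-loopback address (i.e. reachable from the network).
# Exit status 0 if at least one such listener was found, 1 otherwise.
codemeter_exposed() {
  awk '$1 == "LISTEN" {
         n = split($4, part, ":")                         # last field is the port
         port = part[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         if (port == "22350" && addr != "127.0.0.1" && addr != "[::1]") {
           print $4
           found = 1
         }
       }
       END { exit found ? 0 : 1 }'
}

# Run the check against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_SS" | codemeter_exposed \
  && echo "CodeMeter port 22350 is reachable from the network: apply the border-firewall block and upgrade to 7.10" \
  || echo "No network-reachable CodeMeter listener found"
```

On a live system, `ss -Hltn | codemeter_exposed` gives the same result; a loopback-only listener is reported as not exposed, since the port is then not reachable from other hosts.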

Claroty has also developed an online tool to detect any CodeMeter products running on systems. This tool is available from Claroty’s website.
