
OT networks warned of vulnerabilities in CodeMeter software

16 Sep 2020

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.

CodeMeter enables software makers to define licenses for products. It also includes encryption services and anti-tampering, as well as technology that stops reverse engineering. CodeMeter can be found in many products used in industrial environments.

Previous CodeMeter versions contain several vulnerabilities that, if exploited, could allow attackers to take control of operational technology (OT) networks.

Flagged by security firm Claroty, the CodeMeter vulnerabilities could be exploited through phishing emails or directly through the solution. This could result in software licence modification, and incidents that could cause systems to crash. Attackers could also execute code remotely and move laterally through networks.

A convincing phishing attempt could be as simple as tricking an engineer into visiting the attacker’s website, which then infects a machine with malware or exploits. Once that machine is connected to an OT network, attackers could quickly gain access.

Documented vulnerabilities include CVE-2020-14519, which relates to CodeMeter’s WebSocket. It could allow attackers to inject modified or forged valid licenses. CVE-2020-14515 could allow attackers to bypass digital signatures and replace them with their own licenses, and CVE-2020-14513 could be exploited to cause devices and systems to crash, leading to a denial-of-service situation.

"The vulnerabilities described allow an attacker that is either performing a phishing campaign, or one that already has network access to engineering stations and HMIs in critical environments to completely take over those hosts running ICS software from many of the leading vendors," Claroty states.

"This means the attacker may impact and modify physical processes (as was done in the Triton attacks using Industroyer) or install ransomware, as was alleged in the recent incident affecting Japanese automaker Honda, and effectively take down the ICS environment."

Wibu Systems has included patches in CodeMeter version 7.10. Organisations should update to this version as soon as possible.

Further, Claroty states that many of the affected vendors have been notified and have added, or are in the process of adding, the fixes to their respective installers.

Organisations should also block TCP port 22350 (the CodeMeter network protocol port) on their border firewall so that the vulnerability cannot be exploited from outside the network.

Further, organisations should contact their vendors to find out if they support manual CodeMeter software upgrades that enable the upgrade of third-party components rather than the entire stack. 

Claroty has also developed an online tool to detect any CodeMeter products running on systems. This tool is available from Claroty’s website.
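The two checks recommended above (a version of at least 7.10, and TCP port 22350 not reachable from outside) can be run over an asset inventory. The following is an added example, not Claroty's tool or Wibu-Systems code; it assumes the version is reported as major.minor with an optional letter suffix and that socket listings come from `netstat -an` or `ss -ltn`, and the sample inventory is constructed.

```python
import re

PATCHED = (7, 10)        # fixed release named in the article
CODEMETER_PORT = 22350   # CodeMeter network protocol port named in the article

def parse_version(text):
    """'7.10' or '7.10a' -> (7, 10); parts compared as integers, not as a decimal."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def exposed_listeners(socket_listing, port=CODEMETER_PORT):
    """Return non-loopback local addresses listening on `port` (netstat/ss lines)."""
    found = []
    for line in socket_listing.splitlines():
        fields = line.split()
        if not any(f in ("LISTEN", "LISTENING") for f in fields):
            continue
        local = next((f for f in fields if f.endswith(f":{port}")), None)
        if local is None:
            continue
        host = local.rsplit(":", 1)[0].strip("[]")
        if not (host.startswith("127.") or host == "::1"):
            found.append(local)
    return found

def audit(inventory):
    """Map host name -> list of findings (empty list means nothing to do)."""
    report = {}
    for name, (version, listing) in inventory.items():
        findings = []
        if parse_version(version) < PATCHED:
            findings.append(f"CodeMeter {version} is older than 7.10")
        for addr in exposed_listeners(listing):
            findings.append(f"TCP {CODEMETER_PORT} reachable beyond loopback on {addr}")
        report[name] = findings
    return report

# Constructed sample inventory: host names, versions and socket listings are invented.
SAMPLE = {
    "eng-ws-01": ("6.90", "  TCP    0.0.0.0:22350    0.0.0.0:0    LISTENING"),
    "hmi-02": ("7.10a", "LISTEN 0 128 127.0.0.1:22350 0.0.0.0:*"),
    "hist-03": ("7.10", "LISTEN 0 128 [::]:22350 [::]:*\nLISTEN 0 128 0.0.0.0:443 0.0.0.0:*"),
}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(host, "OK" if not findings else findings)
```

Hosts flagged only for the listener are patched but still depend on the border firewall rule to keep port 22350 unreachable from outside.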
