sb-au logo
Story image

OT networks warned of vulnerabilities in CodeMeter software

16 Sep 2020

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.

CodeMeter enables software makers to define licenses for products. It also includes encryption services and anti-tampering, as well as technology that stops reverse engineering. This can be found on many products used in industrial environments.

Previous CodeMeter versions contain several vulnerabilities that, if exploited, could allow attackers to take control of operational technology (OT) networks.

Flagged by security firm Claroty, the CodeMeter vulnerabilities could be exploited through phishing emails or directly through the solution. This could result in software licence modification, and incidents that could cause systems to crash. Attackers could also execute code remotely and move laterally through networks.

A convincing phishing attempt could be as simple as tricking an engineer into visiting the attacker’s website, which then infects a machine with malware or exploits. Once that machine is connected to an OT network, attackers could quickly gain access.

Documented vulnerabilities include CVE-2020-14519 which relates to CodeMeter’s WebSocket. It could allow attackers to inject modified or forged valid licenses. CVE-2020-14515 could allow attackers to bypass digital signatures and replace them with their own licenses, and CVE-2020-14513 could be exploited to cause devices and systems to crash, leading to a denial of service situation.

“The vulnerabilities described allow an attacker that is either performing a phishing campaign, or one that already has network access to engineering stations and HMIs in critical environments to completely take over those hosts running ICS software from many of the leading vendors," Claroty states.

"This means the attacker may impact and modify physical processes (as was done in the Triton attacks using Industroyer) or install ransomware, as was alleged in the recent incident affecting Japanese automaker Honda, and effectively take down the ICS environment."

Wibu Systems has included patches in CodeMeter version 7.10. Organisations should update to this version as soon as possible.

Further,  Claroty states that many of the affected vendors have been notified and have added, or are in the process of, adding the fixes to their respective installers.

Organisations should also Block TCP port 22350 (CodeMeter network protocol) on their border firewall to block the ability to exploit the vulnerability.

Further, organisations should contact their vendors to find out if they support manual CodeMeter software upgrades that enable the upgrade of third-party components rather than the entire stack. 

Claroty has also developed an online tool to detect any CodeMeter products running on systems. This tool is available from Claroty’s website.

Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Addressing the challenges of least privilege access
Enforcing the right privilege policies across the environment with the right visibility and observability will ensure that the policy mandates hold tight against any behaviour changes.More
Story image
Identity in the age of eKYC & digital onboarding journeys
When an onboarding process is architected correctly, there are tangible benefits for customer satisfaction.More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More