
OT networks warned of vulnerabilities in CodeMeter software

16 Sep 2020

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.

CodeMeter enables software makers to define licenses for products. It also includes encryption services and anti-tampering, as well as technology that stops reverse engineering. CodeMeter is found in many products used in industrial environments.

Previous CodeMeter versions contain several vulnerabilities that, if exploited, could allow attackers to take control of operational technology (OT) networks.

Flagged by security firm Claroty, the CodeMeter vulnerabilities could be exploited through phishing emails or directly through the solution. This could result in software licence modification and in incidents that cause systems to crash. Attackers could also execute code remotely and move laterally through networks.

A convincing phishing attempt could be as simple as tricking an engineer into visiting the attacker’s website, which then infects a machine with malware or exploits. Once that machine is connected to an OT network, attackers could quickly gain access.

Documented vulnerabilities include CVE-2020-14519, which relates to CodeMeter’s WebSocket. It could allow attackers to inject modified or forged valid licenses. CVE-2020-14515 could allow attackers to bypass digital signatures and replace them with their own licenses, and CVE-2020-14513 could be exploited to cause devices and systems to crash, leading to a denial-of-service condition.

“The vulnerabilities described allow an attacker that is either performing a phishing campaign, or one that already has network access to engineering stations and HMIs in critical environments to completely take over those hosts running ICS software from many of the leading vendors,” Claroty states.

“This means the attacker may impact and modify physical processes (as was done in the Triton attacks using Industroyer) or install ransomware, as was alleged in the recent incident affecting Japanese automaker Honda, and effectively take down the ICS environment.”

Wibu Systems has included patches in CodeMeter version 7.10. Organisations should update to this version as soon as possible.

Further, Claroty states that many of the affected vendors have been notified and have added, or are in the process of adding, the fixes to their respective installers.

Organisations should also block TCP port 22350 (the CodeMeter network protocol) on their border firewall to remove the ability to exploit the vulnerability.
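To see which hosts the port 22350 firewall rule actually has to cover, a defender can audit listening sockets. The following is an added example, not code from the article, Claroty or Wibu-Systems; it assumes Linux hosts and the output format of `ss -tlnH`, uses a constructed sample, and the loopback-versus-exposed distinction is this example's own.

```python
import ipaddress

CODEMETER_PORT = 22350  # TCP port named in the article

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22350 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22350 0.0.0.0:*
LISTEN 0 128 [::]:22350 [::]:*
LISTEN 0 128 [::1]:22350 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 192.168.10.5:22 0.0.0.0:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return addr, int(port)

def is_loopback_only(addr):
    """True only when the bind address is a loopback address."""
    if addr == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable: report it so a person reviews it

def exposed_codemeter_listeners(ss_output, port=CODEMETER_PORT):
    """Return bind addresses listening on `port` beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            addr, lport = parse_local(fields[3])
        except ValueError:
            continue  # non-numeric port field, not a TCP listener line
        if lport == port and not is_loopback_only(addr):
            findings.append(addr)
    return findings

if __name__ == "__main__":
    for addr in exposed_codemeter_listeners(SAMPLE_SS_OUTPUT):
        print(f"TCP {CODEMETER_PORT} listening on {addr}: check firewall coverage")
```

On a real host, pass the text returned by `ss -tlnH` to `exposed_codemeter_listeners` instead of the sample.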

Further, organisations should contact their vendors to find out if they support manual CodeMeter software upgrades that enable the upgrade of third-party components rather than the entire stack. 

Claroty has also developed an online tool to detect any CodeMeter products running on systems. This tool is available from Claroty’s website.
