Wednesday, January 20, 07:25
Home security Vulnerabilities in CodeMeter expose ICS to attacks

Vulnerabilities in CodeMeter expose ICS to attacks

As reported by the cyber security company Claroty, some vulnerabilities discovered in CodeMeter, a popular licensing and DRM product created by the German Wibu-Systems, can expose industrial systems to remote attacks.

CodeMeter

CodeMeter is designed to protect software from piracy and reverse engineering, offering license management capabilities, and includes security features that provide protection against infringement and other attacks.

CodeMeter can find many applications, but is often found in industrial products, including industrial computers, IIoT devices, and controllers. He is considered his successor WibuKey, an older product that had previously exposed industrial products by Siemens and other retailers to attacks due to serious vulnerabilities.

Claroty researchers, they discovered six vulnerabilities in CodeMeter, some of which could be exploited to launch attacks against industrial control systems (ICS). Two of these vulnerabilities have been identified as critical, while the rest are considered to be highly serious.

Claroty reported its findings to the supplier in February and April 2019, which then released updates in 2019, which fixed some of the vulnerabilities.

Researchers have discovered several types of flaws in CodeMeter, including memory corruption errors and cryptographic flaws that can be exploited to modify or create license files.

In an attack scenario described by researchers, an attacker creates a website that is designed to promote malicious permission on users' devices. Permission, when processed by CodeMeter, may allow a DoS attack or arbitrary code execution.

Claroty has created an online tool that allows users to check if they are running a vulnerable version of CodeMeter. The company has also created a GitHub page for this project.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

00:02:49

The creator of PUBG is planning an IPO worth $ 27,2 billion!

https://www.youtube.com/watch?v=ZE1qwCJCXl0 Ο δημιουργός του PUBG, Kim Chang-han, σχεδιάζει IPO (Αρχική Δημόσια Προσφορά ή εισαγωγή στο χρηματιστήριο) η...

Slack: How to turn off automatic conversion to Emoji

Emoji are everywhere now. In many applications - such as Slack - you can not type a simple emoticon based on ...

Malware FreakOut: Infects "Linux hosts" that run vulnerable software

An active malicious campaign is currently targeting critical Linux devices running software. Its purpose is to infect ...
00:02:10

Facebook Messenger vs WhatsApp: Which is worse for privacy?

In recent days, WhatsApp has been at the center of discussions, due to issues that have arisen regarding the privacy of ...

Apple sued! They want to remove Telegram from the App Store

Although Telegram has become very popular in the world in recent days, it also receives a lot of negative reviews. A former ambassador of ...

VLC for macOS has been updated with full support for M1 Macs

VLC is one of the most popular media players and the macOS version is currently receiving a major update with full ...

Google Maps adds precise details to 4 city roadmaps

The Google Maps app received an update in August last year, which added more color to the physical maps to ...

Smartwatches may detect COVID-19 symptoms

Smartwatches and fitness wearables can play a valuable role in the early detection of COVID-19, according to some recent studies. Researchers from ...

The incidence of sextortion increased significantly during the pandemic period

With the outbreak of the COVID-19 pandemic, countries around the world have entered a lockdown regime, in an effort to ...

SpaceX launches the first Starlink satellite for 1

SpaceX will launch 60 satellites from the Kennedy Space Center in Florida on Wednesday. This will be the first launch of ...