As reported by the cyber security company Claroty, some vulnerabilities discovered in CodeMeter, a popular licensing and DRM product created by the German Wibu-Systems, can expose industrial systems to remote attacks.
CodeMeter is designed to protect software from piracy and reverse engineering, offering license management capabilities, and includes security features that provide protection against infringement and other attacks.
CodeMeter can find many applications, but is often found in industrial products, including industrial computers, IIoT devices, and controllers. He is considered his successor WibuKey, an older product that had previously exposed industrial products by Siemens and other retailers to attacks due to serious vulnerabilities.
Claroty researchers, they discovered six vulnerabilities in CodeMeter, some of which could be exploited to launch attacks against industrial control systems (ICS). Two of these vulnerabilities have been identified as critical, while the rest are considered to be highly serious.
Claroty reported its findings to the supplier in February and April 2019, which then released updates in 2019, which fixed some of the vulnerabilities.
Researchers have discovered several types of flaws in CodeMeter, including memory corruption errors and cryptographic flaws that can be exploited to modify or create license files.
In an attack scenario described by researchers, an attacker creates a website that is designed to promote malicious permission on users' devices. Permission, when processed by CodeMeter, may allow a DoS attack or arbitrary code execution.
Claroty has created an online tool that allows users to check if they are running a vulnerable version of CodeMeter. The company has also created a GitHub page for this project.