Third-party components putting operational hardware and software technologies at risk
Claroty researchers have uncovered six critical vulnerabilities in Wibu-Systems’ CodeMeter third-party license management component, which could expose operational technology (OT) environments with hardware and software components across numerous industries to exploits via phishing campaigns or direct cyberattacks.
CodeMeter is used by many software vendors, including Rockwell Automation and Siemens, both of whom confirmed in advisories they are affected by these flaws, according to the Claroty researchers. Claroty has published a list of affected vendors that will be updated periodically. Claroty has built an online utility that will help users determine whether they are running a vulnerable version of CodeMeter.