"Third-Party Components Putting Operational Hardware and Software Technologies at Risk"
Six critical vulnerabilities have been discovered by Claroty researchers in a third-party software component used by top Industrial Control System (ICS) software vendors such as Rockwell Automation and Siemens. These vulnerabilities were found in Wibu-Systems' CodeMeter third-party license management component, which increases Operational Technology (OT) environments' exposure to exploits through phishing campaigns or direct cyberattacks. The exploitation of the vulnerabilities could allow attackers to modify existing software licenses, inject malicious ones, cause processes to crash, and more. Researchers also discovered encryption implementation issues that could be used by bad actors to execute code remotely and move laterally on OT networks. This article continues to discuss the flaws found in CodeMeter and how these vulnerabilities put OT environments at risk.