Vulnerabilities In Defense Giants Software Revealed

Flaws have been discovered in CodeMeter, owned by Wibu-Systems, which is a software management component that is licensed by many of the top industrial control system software vendors, including defense contractors Rockwell Automation and Siemens. CodeMeter provides tools to bolster security, help with licensing, and protect against piracy or reverse-engineering. Patches were provided on Aug. 11 but the flaws weren’t disclosed until Sept. 8. “Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code-execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter,” according to an advisory. The flaws create six critical vulnerabilities that attackers can exploit to launch malicious attacks including deploying ransomware, and shutting down or taking over critical systems. Security professionals have warned of the alarming implications if a critical defense system is attacked. In July, the U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency issued an alert warning that adversaries could be targeting critical infrastructure.