Claroty researchers have uncovered six critical vulnerabilities in Wibu-Systems’ CodeMeter, a third-party license-management component embedded in hardware and software products across numerous industries. The flaws could expose operational technology (OT) environments to attack, whether through phishing campaigns or direct network intrusion.
CodeMeter is used by many software vendors, including Rockwell Automation and Siemens, both of which have confirmed in advisories that they are affected by these flaws, according to the Claroty researchers. Claroty has published a list of affected vendors that will be updated periodically, and has built an online utility that helps users determine whether they are running a vulnerable version of CodeMeter.
Wibu-Systems has made patches available for all of the flaws in CodeMeter version 7.10, which has been available since Aug. 11; many of the affected vendors have been notified and have added, or are in the process of adding, the fixes to their respective installers.
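Because the fix ships as a new runtime release, the practical question for an asset owner is simply which hosts still run something older than 7.10. The script below is an added example written for this article; it is not Claroty's online utility and not Wibu-Systems code. It assumes you have already collected CodeMeter version strings from your hosts (for example from a software inventory) and only decides which ones predate the patched release. The hostnames and versions in the inventory are constructed sample data, and the handling of a trailing letter suffix (such as "7.10a") is an assumption about CodeMeter's version format. The one thing worth noticing is that a plain string comparison gets this wrong: "7.9" sorts after "7.10" as text, but is the older release.

```python
"""Flag CodeMeter installations older than the fixed 7.10 release.

Added example for this article; not Claroty's utility and not Wibu-Systems
code. Input is a list of (host, version) pairs you gathered yourself.
"""
from typing import List, Tuple

# First CodeMeter release that contains all six fixes, per the article.
FIXED_VERSION = "7.10"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("plc-eng-ws01", "6.90.3014"),
    ("hmi-line2", "7.9"),
    ("scada-srv", "7.10a"),
    ("historian", "7.20"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.10a' or '6.90.3014' into a tuple of ints for ordering.

    Each dotted component is read up to its first non-digit, so an
    assumed letter suffix like the 'a' in '7.10a' is ignored. A component
    with no leading digits is rejected rather than silently treated as 0.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable component {piece!r} in {version!r}")
        parts.append(int(digits))
    return tuple(parts)


def _padded(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad the shorter tuple with zeros so '7.10' == '7.10.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_vulnerable(version: str) -> bool:
    """True when the given CodeMeter version is older than FIXED_VERSION."""
    found, fixed = _padded(parse_version(version), parse_version(FIXED_VERSION))
    return found < fixed


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (host, version) pairs that still need the 7.10 update."""
    return [(host, ver) for host, ver in inventory if is_vulnerable(ver)]


if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: CodeMeter {ver} is older than {FIXED_VERSION}, update required")
```

Feed `triage()` your real inventory and the two sample hosts on 6.90 and 7.9 are the kind of result you would expect to act on; 7.10a and 7.20 are left alone.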
Technical details on the vulnerabilities as well as details about how Claroty uncovered these flaws are available in a paper titled, “License to Kill: Leveraging License Management to Attack ICS Networks.”
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory covering these vulnerabilities and assigned them a collective CVSS score of 10.0, the highest criticality rating available.
Bad actors could leverage the discovered vulnerabilities to modify existing software licenses or inject malicious ones, causing devices and processes to crash. Among the flaws are cryptographic weaknesses that could allow attackers to execute code remotely and move laterally within OT networks.