The Department of Homeland Security’s Cybersecurity and Infrastructure Agency has issued an advisory relating to critical vulnerabilities in CodeMeter, software used in industrial control systems.

The vulnerabilities, six in total affecting all versions of CodeMeter from 6.90 through 7.10, have been given a collective Common Vulnerability Scoring System score of 10.0, the highest level on the CVSS scale.

CodeMeter, from Wibu-Systems AG, provides piracy and reverse-engineering protection to intelligent device manufacturers, along with licensing services, and is designed to safeguard users against tampering and attacks from third parties.

Exploiting the vulnerabilities, an attacker could undertake remote attacks to deploy ransomware, shut down systems or even take over critical systems.

“Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code-execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter,” the ICS-CERT advisory stated.

Wibu-Systems has released a patch addressing the vulnerabilities but, as with all security updates, it requires deployment by users, a process that without fail has issues. Those issues could include an inability to deploy updates or users simply not being aware that they need to.

Mitigation advice from CISA includes updating to the latest version of CodeMeter Runtime, running CodeMeter only as a client, utilizing a new REST API instead of the internet WebSockets API and disabling the WebSockets API.

Lamar Bailey, senior director of security research at enterprise cybersecurity firm Tripwire Inc., told SiliconANGLE that third-party code is both a blessing and a curse.

“These components must be monitored for updates and security issues, all too often vendors let third-party components get stale and this opens the end users to a lot of risk.”