Claroty researchers discover critical vulnerabilities in ICS license management solution


License management solutions are third-party components used by ICS vendors to protect against fraud, illegal distribution, and manipulation of proprietary code. Unfortunately, these tools can inadvertently increase OT attack surfaces if they contain unmitigated security flaws.

Claroty researchers have uncovered six critical vulnerabilities in one such solution, Wibu-Systems’ CodeMeter, which could expose OT environments across numerous industries to exploitation via phishing campaigns or direct attacks.

This latest report details this discovery in depth, offering insight into:

  • The process through which the Claroty Research Team discovered six critical vulnerabilities in Wibu-Systems’ CodeMeter
  • How these vulnerabilities can be exploited through two distinct attack vectors: via webpage or remote communications
  • The timeline of Claroty disclosing the vulnerabilities to Wibu-Systems and providing follow-up information, such as POCs, enabling the vendor to fix all issues ahead of the ICS-CERT advisory
  • Technical details for each of the discovered vulnerabilities

To learn more, download License to Kill: Leveraging License Management to Attack ICS Networks.