Six Critical Vulnerabilities To Enable OT Supply Chain Attack


Submitted by: Daryl Haegley (CS)²AI Fellow and Director, Mission Assurance & Cyber Deterrence at the DOD



Original Source: https://www.infosecurity-magazine.com/news/critical-bugs-enable-ot-supply/

By Phil Muncaster 9/9/20

“Security researchers have discovered six critical vulnerabilities in third-party code which could expose countless operational technology (OT) environments to remote code execution attacks.”

“Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter,” the US Cybersecurity and Infrastructure Security Agency (CISA) noted.”

“Attackers could phish their targets, socially engineering them into visiting a malicious site under their control to inject a malicious license onto the victim machine. Or they could exploit one of the bugs to create and inject forged licenses onto a machine running CodeMeter, Claroty said.”