Submitted by: Daryl Haegley (CS)²AI Fellow and Director, Mission Assurance & Cyber Deterrence at the DOD
By Phil Muncaster 9/9/20
“Security researchers have discovered six critical vulnerabilities in third-party code which could expose countless operational technology (OT) environments to remote code execution attacks.”
“Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data and prevent normal operation of third-party software dependent on the CodeMeter,” the US Cybersecurity and Infrastructure Security Agency (CISA) noted.”
“Attackers could phish their targets, socially engineering them into visiting a malicious site under their control to inject a malicious license onto the victim machine. Or they could exploit one of the bugs to create and inject forged licenses onto a machine running CodeMeter, Claroty said.”