Connect with us

Hi, what are you looking for?



ICS Vendors Release Advisories for CodeMeter Vulnerabilities

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.

CodeMeter provides license management capabilities and it’s designed to protect software against piracy and reverse engineering. It’s used for a wide range of applications, including various types of industrial products.

Industrial cybersecurity firm Claroty reported earlier this week that CodeMeter is affected by six critical and high-severity vulnerabilities that can be exploited to launch attacks against industrial systems, including to deliver malware and exploits, and shut down devices or processes.

The company’s researchers showed how an attacker can launch attacks by setting up a malicious website and luring targeted users to it, or by creating their own CodeMeter API and client and sending commands to devices running CodeMeter.

Wibu-Systems was informed about the vulnerabilities and it has released patches (version 7.10), which vendors have been encouraged to apply to their products. The United States Cybersecurity and Infrastructure Security Agency (CISA) has also released an advisory and so have many of the major ICS vendors that are impacted. Schneider Electric is not on the list, but the company is also expected to release an advisory.


ABB says the vulnerabilities impact its AC 800PEC Tool, EXC Control Terminal (ECT), Control Terminal Management Studio (CTMS), and Traction Control Terminal (TCT). The company is analyzing the flaws, and while it has yet to release patches, it has provided mitigations and workarounds that customers can use to prevent attacks.


Advertisement. Scroll to continue reading.

COPA-DATA says the vulnerabilities affect its zenon Editor, zenon Runtime, zenon Analyzer, zenon Web Server, zenon logic Workbench, and straton Workbench products. The company has provided mitigations for each of the flaws and it has advised customers to update CodeMeter.


Pepperl+Fuchs says its VMT MSS and VMT IS products are affected, but only if certain components are present. VMT MSS users have been advised to update CodeMeter to version 7.10, and VMT IS users have been advised to contact VMT, which is a subsidiary.

Phoenix Contact

Phoenix Contact says only three of the CodeMeter vulnerabilities impact its PC Worx Engineer, PLCnext Engineer, FL Network Manager, E-Mobility Charging Suite and IOL-CONF products. The company has released an Activation Wizard update that installs CodeMeter 7.10 and patches the vulnerabilities.


Pilz has determined that the security holes affect its PAS4000, PASvisu, PASloto, PNOZsigma, Live Video Server and SafetyEYE products. The company has advised customers to update CodeMeter and use a local firewall to prevent unauthorized access to devices running CodeMeter.

Rockwell Automation

Rockwell Automation (advisory available only to registered customers) has shared a long list of products that use its FactoryTalk Activation (FTA) Manager, which uses CodeMeter. The company has released an FTA update that patches the vulnerabilities.


Siemens says the flaws affect its SIMATIC, SIMIT, SINEC, SINEMA and SPPA products. The German industrial giant has already released updates for some of the affected products, and it has provided workarounds and mitigations for the others.


WAGO says its e!COCKPIT engineering software installation bundles are impacted, but its controllers and IO devices are not. The company expects to release an e!COCKPIT update containing the latest CodeMeter version in the fourth quarter and in the meantime it has advised customers to manually update CodeMeter.

Related: Industrial Systems Can Be Hacked Remotely via VPN Vulnerabilities

Related: Over 70% of ICS Vulnerabilities Disclosed in First Half of 2020 Remotely Exploitable

Related: Mitsubishi Patches Vulnerabilities Disclosed at ICS Hacking Contest

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights