Security Experts:

Connect with us

Hi, what are you looking for?



ICS Vendors Release Advisories for CodeMeter Vulnerabilities

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.

CodeMeter provides license management capabilities and it’s designed to protect software against piracy and reverse engineering. It’s used for a wide range of applications, including various types of industrial products.

Industrial cybersecurity firm Claroty reported earlier this week that CodeMeter is affected by six critical and high-severity vulnerabilities that can be exploited to launch attacks against industrial systems, including to deliver malware and exploits, and shut down devices or processes.

The company’s researchers showed how an attacker can launch attacks by setting up a malicious website and luring targeted users to it, or by creating their own CodeMeter API and client and sending commands to devices running CodeMeter.

Wibu-Systems was informed about the vulnerabilities and it has released patches (version 7.10), which vendors have been encouraged to apply to their products. The United States Cybersecurity and Infrastructure Security Agency (CISA) has also released an advisory and so have many of the major ICS vendors that are impacted. Schneider Electric is not on the list, but the company is also expected to release an advisory.


ABB says the vulnerabilities impact its AC 800PEC Tool, EXC Control Terminal (ECT), Control Terminal Management Studio (CTMS), and Traction Control Terminal (TCT). The company is analyzing the flaws, and while it has yet to release patches, it has provided mitigations and workarounds that customers can use to prevent attacks.


COPA-DATA says the vulnerabilities affect its zenon Editor, zenon Runtime, zenon Analyzer, zenon Web Server, zenon logic Workbench, and straton Workbench products. The company has provided mitigations for each of the flaws and it has advised customers to update CodeMeter.


Pepperl+Fuchs says its VMT MSS and VMT IS products are affected, but only if certain components are present. VMT MSS users have been advised to update CodeMeter to version 7.10, and VMT IS users have been advised to contact VMT, which is a subsidiary.

Phoenix Contact

Phoenix Contact says only three of the CodeMeter vulnerabilities impact its PC Worx Engineer, PLCnext Engineer, FL Network Manager, E-Mobility Charging Suite and IOL-CONF products. The company has released an Activation Wizard update that installs CodeMeter 7.10 and patches the vulnerabilities.


Pilz has determined that the security holes affect its PAS4000, PASvisu, PASloto, PNOZsigma, Live Video Server and SafetyEYE products. The company has advised customers to update CodeMeter and use a local firewall to prevent unauthorized access to devices running CodeMeter.

Rockwell Automation

Rockwell Automation (advisory available only to registered customers) has shared a long list of products that use its FactoryTalk Activation (FTA) Manager, which uses CodeMeter. The company has released an FTA update that patches the vulnerabilities.


Siemens says the flaws affect its SIMATIC, SIMIT, SINEC, SINEMA and SPPA products. The German industrial giant has already released updates for some of the affected products, and it has provided workarounds and mitigations for the others.


WAGO says its e!COCKPIT engineering software installation bundles are impacted, but its controllers and IO devices are not. The company expects to release an e!COCKPIT update containing the latest CodeMeter version in the fourth quarter and in the meantime it has advised customers to manually update CodeMeter.

Related: Industrial Systems Can Be Hacked Remotely via VPN Vulnerabilities

Related: Over 70% of ICS Vulnerabilities Disclosed in First Half of 2020 Remotely Exploitable

Related: Mitsubishi Patches Vulnerabilities Disclosed at ICS Hacking Contest

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.