Wibu-Systems CodeMeter Runtime
Plan: Patch · 7.1 · ICS-CERT ICSA-21-350-03 · Dec 16, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
CodeMeter Runtime versions below 7.30a contain a vulnerability (CWE-269) in the handling of Mass Storage container requests that allows a local unprivileged user to crash the CodeMeter Runtime Server. The vulnerability is not remotely exploitable and requires local system access. Successful exploitation causes denial-of-service, disrupting applications that depend on CodeMeter for licensing and process authorization. Siemens products dependent on CodeMeter are affected per SSA-580693.
What this means
What could happen
An attacker with local access could crash the CodeMeter Runtime Server, disrupting any industrial or commercial applications that depend on it for licensing and process control, potentially stopping production.
Who's at risk
Organizations using Wibu-Systems CodeMeter Runtime for software licensing on industrial control systems, engineering workstations, and manufacturing equipment. Particularly relevant to companies running Siemens or other control systems that depend on CodeMeter for license management and authorization.
How it could be exploited
An attacker with local unprivileged user access could send a malicious request to the CodeMeter Runtime Server through the "Mass Storage" container interface, causing the service to crash and triggering a denial-of-service condition.
Prerequisites
- Local access to the machine running CodeMeter Runtime Server
- Unprivileged user account on the local system
- CodeMeter Runtime version below 7.30a
- Mass Storage container type enabled (default configuration)
Risk factors: Local privilege required · Low attack complexity · Denial-of-service impact · Licensing dependency in OT environments · No patch currently available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product           | Affected Versions | Fix Status
CodeMeter Runtime | All < 7.30a       | 7.30a
Remediation & Mitigation
Do now
WORKAROUND: Restrict local unprivileged user access to machines running CodeMeter Runtime Server
WORKAROUND: Disable the Mass Storage container type in CodeMeter by setting registry key HKEY_LOCAL_MACHINE\SOFTWARE\WIBUSYSTEMS\CodeMeter\Server\CurrentVersion\EnabledContainerTypes to 4294967294 (0xFFFFFFFE), then restart the CodeMeter service
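The registry workaround above, as an added PowerShell example that is not from the advisory or from Wibu-Systems: it reads the current EnabledContainerTypes mask, writes the value the advisory specifies, restarts the service and verifies the result. The service name 'CodeMeter.exe' and the display-name fallback are assumptions, not taken from the page; the interpretation that the workaround clears bit 0 follows only from the value 0xFFFFFFFE itself.

```powershell
# Added example (not the advisory's or Wibu-Systems' own code): apply and verify the
# "disable Mass Storage container type" workaround from this advisory on Windows.
# Assumptions: service name 'CodeMeter.exe' (display-name match as a fallback), and
# that the registry key exists wherever CodeMeter Runtime is installed.
#Requires -RunAsAdministrator

$KeyPath   = 'HKLM:\SOFTWARE\WIBUSYSTEMS\CodeMeter\Server\CurrentVersion'
$ValueName = 'EnabledContainerTypes'
# Value from the advisory: 0xFFFFFFFE, i.e. every bit set except bit 0.
$Target    = [uint32]4294967294

# PowerShell/.NET write REG_DWORD through Int32, so a value above 0x7FFFFFFF must be
# passed as its two's-complement Int32 (0xFFFFFFFE is -2); otherwise the write fails.
$TargetAsInt32 = [System.BitConverter]::ToInt32([System.BitConverter]::GetBytes($Target), 0)

function Get-ContainerTypesMask {
    # Returns the current mask as an unsigned 32-bit value, or $null if the value is unset.
    $raw = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $raw) { return $null }
    # Get-ItemProperty hands DWORDs back as Int32, so large masks read as negative numbers.
    return [System.BitConverter]::ToUInt32([System.BitConverter]::GetBytes([int32]$raw.$ValueName), 0)
}

function Test-MassStorageDisabled {
    # The workaround is in place when bit 0 of the mask is clear.
    $mask = Get-ContainerTypesMask
    return ($null -ne $mask) -and (($mask -band 1) -eq 0)
}

if (-not (Test-Path $KeyPath)) {
    throw "Registry key $KeyPath not found; is CodeMeter Runtime installed on this host?"
}

$before = Get-ContainerTypesMask
$beforeText = if ($null -eq $before) { '<not set>' } else { '0x{0:X8}' -f $before }
Write-Host "Current ${ValueName}: $beforeText"

if (Test-MassStorageDisabled) {
    Write-Host 'Mass Storage container type already disabled; nothing to do.'
} else {
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Type DWord -Value $TargetAsInt32

    # Assumed service name; the display-name lookup is an equally assumed fallback.
    $svc = Get-Service -Name 'CodeMeter.exe' -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $svc = Get-Service -DisplayName 'CodeMeter Runtime Server*' -ErrorAction SilentlyContinue
    }
    if ($null -eq $svc) {
        throw 'CodeMeter service not found; restart it manually for the change to take effect.'
    }
    Restart-Service -InputObject $svc -Force

    if (-not (Test-MassStorageDisabled)) {
        throw "Verification failed: $ValueName is not 0xFFFFFFFE after the write."
    }
    Write-Host ('{0} now 0x{1:X8}; service {2} restarted.' -f $ValueName, (Get-ContainerTypesMask), $svc.Name)
}
```

Run it in an elevated PowerShell session; it exits non-zero if the key or the service cannot be found, so it is safe to use as a fleet-wide compliance check as well as a one-off fix.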
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update CodeMeter Runtime to version 7.30a or later when available
Long-term hardening
HARDENING: Implement network segmentation to isolate CodeMeter systems from business networks and the Internet
CVEs (1)