Team82 White Paper
Claroty researchers Sharon Brizinov and Tal Keren have uncovered six critical vulnerabilities in Wibu-Systems’ CodeMeter third-party license management component, which could expose OT environments across numerous industries to exploits via phishing campaigns or direct attacks. Like Ripple20, these vulnerabilities serve as a poignant example of how third-party components can be a significant—yet often overlooked—point of weakness within OT environments.
Adversaries could leverage the discovered vulnerabilities to modify existing software licenses or inject malicious ones, causing devices and processes to crash. These flaws also include serious encryption issues, which could allow attackers to execute code remotely and move laterally on OT networks.
CWE 287: Improper Authentication
An Improper Authentication vulnerability exists in Danfoss AK-SM8xxA Series, resulting in an authentication bypass. Install the latest patch with number 4.2 to remediate this vulnerability. This flaw could enable an attacker to generate a web report that discloses sensitive information such as internal IP addresses, usernames, store names, and other sensitive information.e
CVSS v3: 8.2
CWE-798 USE OF HARD-CODED CREDENTIALS:
In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions.
Optigo Networks recommends users implement at least one of the following additional mitigations:
CVSS v3: 9.8
CWE-78 Improper Neutralization of Special Elements used in an OS Command:
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.
Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploiting this vulnerability:
CVSS v3: 9.8
CWE-306: Missing Authentication for Critical Function:
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploiting this vulnerability:
CVSS v3: 7.5
CWE-547 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS:
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
Optigo Networks recommends users to upgrade to the following:
CVSS v3: 7.5
