Sept. 08, 2020 – Updated Feb. 17, 2021
The following list represents the vendors affected by the critical vulnerabilities uncovered by Claroty in Wibu-Systems’s CodeMeter license-management component. The list contains vendors that the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) has listed as having been contacted and affected, and those that have published their own advisories. Please find the ICS-CERT advisory here. Wibu-Systems has also published an advisory here.
Claroty has also published a related GitHub page.
For additional resources:
- Test whether your site is affected by the CodeMeter vulnerabilities uncovered by Claroty.
- Read Claroty’s blog on the CodeMeter vulnerabilities here.
- Download Claroty’s technical paper on the CodeMeter vulnerabilities here.
This list will be updated periodically. Vendors wishing to contact Claroty researchers should reach out to secure@claroty.com. Find Claroty’s public PGP key here.
Affected Vendors
- ABB
- B&R
- Bosch
- CODESYS
- Copa-Data
- Drager
- Eaton
- Endress+Hauser
- Pepperl+Fuchs
- Phoenix Contact
- Pilz Automation
- Rockwell Automation
- Schneider Electric
- Siemens
- Trumpf
- Wago
- Weidmueller Interface
—
This list was last updated Feb. 17, 2021.
