Team82 Research
The following list represents the vendors affected by the critical vulnerabilities uncovered by Team82 in Wibu-Systems's CodeMeter license-management component. The list contains vendors that the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) has listed as having been contacted and affected, and those that have published their own advisories. Please find the ICS-CERT advisory here. Wibu-Systems has also published an advisory here.
Team82 has also published a related GitHub page.
For additional resources:
This list will be updated periodically. Vendors wishing to contact Team82 should reach out to secure@claroty.com. Find Claroty's public PGP key here.
--
This list was last updated Feb. 17, 2021.
CWE-284 IMPROPER ACCESS CONTROL:
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files.
Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.
CVSS v3: 5.5
CWE-256: Plaintext Storage of a Password
In Automation-Direct C-MORE EA9 HMI credentials used by the platform are stored as plain text on the device.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CVSS v3: 6.5
CWE-121: Stack-based Buffer Overflow
In Automation-Direct C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which leads to a stack overflow. The result of this stack-based buffer overflow will lead to a denial-of-service conditions.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CVSS v3: 4.3
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
There is a function in Automation-Direct C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78
Affected versions:
CVSS v3: 7.5
CWE-319: CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
Softing edgeConnector: Version 3.60 and Softing edgeAggregator: Version 3.60 are affected. Update Softing edgeConnector and edgeAggregator to v3.70 or greater.
CVSS v3: 8.0
