Vendors Affected by Wibu CodeMeter Vulnerabilities

Updated Feb. 17, 2021

The following list represents the vendors affected by the critical vulnerabilities uncovered by Claroty in Wibu-Systems's CodeMeter license-management component. The list contains vendors that the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) has listed as having been contacted and affected, and those that have published their own advisories. Please find the ICS-CERT advisory here. Wibu-Systems has also published an advisory here.

Claroty has also published a related GitHub page.

For additional resources:

• Test whether your site is affected by the CodeMeter vulnerabilities uncovered by Claroty.

• Read Claroty's blog on the CodeMeter vulnerabilities here.

• Download Claroty's technical paper on the CodeMeter vulnerabilities here.

This list will be updated periodically. Vendors wishing to contact Claroty researchers should reach out to secure@claroty.com. Find Claroty's public PGP key here.

Affected Vendors

• ABB

• B&R

• Bosch

• CODESYS

• Copa-Data

• Drager

• Eaton

• Endress+Hauser

• Pepperl+Fuchs

• Phoenix Contact

• Pilz Automation

• Rockwell Automation

• Schneider Electric

• Siemens

• Trumpf

• Wago

• Weidmueller Interface

--

This list was last updated Feb. 17, 2021.