Team82 White Paper
Claroty researchers Sharon Brizinov and Tal Keren have uncovered six critical vulnerabilities in Wibu-Systems’ CodeMeter third-party license management component, which could expose OT environments across numerous industries to exploits via phishing campaigns or direct attacks. Like Ripple20, these vulnerabilities serve as a poignant example of how third-party components can be a significant—yet often overlooked—point of weakness within OT environments.
Adversaries could leverage the discovered vulnerabilities to modify existing software licenses or inject malicious ones, causing devices and processes to crash. These flaws also include serious encryption issues, which could allow attackers to execute code remotely and move laterally on OT networks.
Hardcoded credentials in the Frick Controls Quantum HD create a vulnerability that leads to unauthorized access, exposure of sensitive information, and potential misuse or system compromise.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 6.2
The Frick Controls Quantum HD contains a vulnerability that allows an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 7.5
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.
The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.
CVSS v3: 9.1
