Several Industrial Automation Products Affected by WibuKey DRM Flaws
The merchandise of a number of commercial automation firms are affected by the just lately disclosed vulnerabilities discovered within the WibuKey virtual rights control (DRM) resolution from Wibu Systems.
Cisco Talos published in December that the WibuKey DRM has 3 critical safety flaws that can result in data disclosure, privilege escalation, and far flung code execution. Wibu patched the vulnerabilities with the discharge of model 6.50 and it’s essential that customers replace the software, particularly since Cisco has made public technical data and proof-of-concept (PoC) code for each and every of the insects.
The WibuKey DRM is used for 1000’s of packages, together with by a number of commercial automation distributors. Cisco discussed Straton when it printed its advisories, and German commercial large Siemens admitted just lately that its SICAM 230 procedure keep an eye on and tracking machine and SIMATIC WinCC OA human-machine interface (HMI) product are impacted as neatly.
Several different firms founded in Central Europe have additionally warned consumers that the WibuKey flaws disclose their merchandise to assaults.
One of them is Germany-based Phoenix Contact, whose MEVIEW3 product is affected. According to an advisory printed this week by Germany’s [email protected], the seller will combine a patched model of WibuKey into the following liberate of MEVIEW3.
Austria-based COPA-DATA additionally alerted customers that a few of its Zenon merchandise use the DRM resolution for dongle licensing and are affected. The corporate has printed an 11-page advisory detailing the failings and their affect on its merchandise.
Sprecher Automation, which could also be founded in Austria, additionally gives merchandise that use WibuKey for dongle licensing. The corporate has posted an advisory list the impacted SPRECON packages.
Finally, Germany-based IT GmbH, which makes a speciality of house and construction automation, posted a notification it gained from Wibu Systems and knowledgeable consumers that the failings affect its Elvis visualization merchandise.
The maximum critical of the WibuKey flaws is CVE-2018-3991, a vital heap overflow that may be exploited by a far flung attacker for arbitrary code execution by sending specifically crafted TCP packets to the focused machine on port 22347.
Another vital vulnerability is CVE-2018-3990, a pool corruption that may be exploited to escalate privileges by sending specifically crafted I/O request packets (IRPs).
The final vulnerability is CVE-2018-3989, which may also be exploited by the use of specifically crafted IRP requests. This safety hollow can permit an attacker to learn kernel reminiscence data and it’s been assigned a severity score of “medium.”
While Talos made its findings public in December, Wibu mentioned this used to be achieved by mistake and that it to begin with agreed with Talos to just reveal the failings on January 24 to offer consumers time to replace their installations. Talos later quickly got rid of its weblog put up and advisories, and Wibu even tried to persuade information internet sites, together with SecurityWeek, to take away their articles protecting the failings till January 24.