Wibu-Systems CodeMeter Vulnerabilities Expose OT Networks

Claroty (Team82) disclosed six critical vulnerabilities in Wibu-Systems' CodeMeter licensing component that enable license forgery, remote code execution, memory corruption, and lateral movement in OT/ICS environments; ICS-CERT assigned a CVSS 10.0 rating for the most severe issues. The flaws can be exploited via phishing or network access to compromise engineering stations and HMIs used by major vendors (e.g., Rockwell, Siemens), and patches are available in CodeMeter 7.10a while network mitigations (e.g., blocking TCP/22350) and discovery guidance are recommended.