The products of several industrial automation companies are affected by the recently disclosed vulnerabilities found in the WibuKey digital rights management (DRM) solution from Wibu Systems.
Cisco Talos revealed in December that the WibuKey DRM has three serious security flaws that can lead to information disclosure, privilege escalation, and remote code execution. Wibu patched the vulnerabilities with the release of version 6.50, and it’s important that users update the tool, especially since Cisco has made public technical information and proof-of-concept (PoC) code for each of the bugs.
The WibuKey DRM is used for thousands of applications, including products from several industrial automation vendors. Cisco mentioned Straton when it published its advisories, and German industrial giant Siemens admitted recently that its SICAM 230 process control and monitoring system and SIMATIC WinCC OA human-machine interface (HMI) product are impacted as well.
Several other companies based in Central Europe have also warned customers that the WibuKey flaws expose their products to attacks.