COPA-DATA has been
informed by Wibu-Systems about a security vulnerability in the Wibu-Systems CodeMeter
Control Center for Windows software with the following CVSS 3.1 base score:
Summary
The installation of the zenon Software Platform requires the installation of the third-party application WIBU System CodeMeter to manage the license for the use of zenon Software Platform components. After installation, the automatically launched instance of the CodeMeter Control Center is running with System Privileges. These privileges can be abused by unauthorized or malicious users.
This vulnerability
affects systems with a zenon Software Platform installation.
Affected versions:
Remediation
Wibu-Systems addressed
this issue and published an updated version 8.30a of the CodeMeter Control
Center on their website:
This vulnerability doesn’t
affect systems which meet one of the following requirements:
COPA-DATA recommends updating Wibu-Systems CodeMeter Control Center to the fixed version 8.30a after a Risk Analysis was performed by the Asset Owner or System Integrator or assess if other mitigating options may be needed for affected systems.
More information can be found in the attached CSAF file.