New vulnerabilities in critical infrastructure a byproduct of the merging of IT and OT


Researchers have found 6 critical vulnerabilities in software from a third-party supplier to leading industrial control systems (ICS) providers, including Rockwell Automation and Siemens.

According to the report, the flaws exist in CodeMeter, owned by Wibu-Systems, a software management component utilized by the likes of Rockwell and Siemens. Unauthenticated attackers can exploit the vulnerabilities and launch attacks, including ransomware, that could shut down critical systems.

The researchers have warned that “CodeMeter is a widely deployed third-party tool that is integrated into numerous products.”



These newly discovered vulnerabilities are a byproduct of several factors, including the accelerated merging of IT and operational technology (OT) in industrial control systems. As we have written previously, “the merging of operational technology (OT) and information technology (IT) in recent years has led to a decrease in the number of air gaps—the thing that used to make critical infrastructure like utilities less vulnerable to cyber attacks. With the rise of IoT, industrial control systems have become more connected and thus more vulnerable to attack.”

From the work of experts like Dragos, we already see an uptick in ransomware attacks on critical infrastructure seeking to exploit the vulnerabilities born out of this trend.

As we wrote in an Alert on GE recently, the poor management of these risks, from the third-party vendors to the first-tier service providers (like Siemens, GE), poses a systemic risk to the public and shareholders alike. Any company that uses Wibu-Systems and CodeMeter is only as secure as its weakest link.
