The following list represents the vendors affected by the critical vulnerabilities uncovered by Team82 in Wibu-Systems's CodeMeter license-management component. The list contains vendors that the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) has listed as having been contacted and affected, and those that have published their own advisories. Please find the ICS-CERT advisory here. Wibu-Systems has also published an advisory here.
Team82 has also published a related GitHub page.
For additional resources:
This list will be updated periodically. Vendors wishing to contact Team82 should reach out to secure@claroty.com. Find Claroty's public PGP key here.
--
This list was last updated Feb. 17, 2021.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
