Team82 White Paper
Claroty researchers Sharon Brizinov and Tal Keren have uncovered six critical vulnerabilities in Wibu-Systems’ CodeMeter third-party license management component, which could expose OT environments across numerous industries to exploits via phishing campaigns or direct attacks. Like Ripple20, these vulnerabilities serve as a poignant example of how third-party components can be a significant—yet often overlooked—point of weakness within OT environments.
Adversaries could leverage the discovered vulnerabilities to modify existing software licenses or inject malicious ones, causing devices and processes to crash. These flaws also include serious encryption issues, which could allow attackers to execute code remotely and move laterally on OT networks.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.
CVSS v3: 7.2
