Endress+Hauser: Multiple products affected by Wibu-Systems CodeMeter Vulnerability

VDE-2025-105
Last update
08.12.2025 10:00
Published at
08.12.2025 10:00
Vendor(s)
Endress+Hauser AG
External ID
VDE-2025-105
CSAF Document

Summary

A vulnerability in Wibu-Systems CodeMeter (up to version 7.60b) affects multiple Endress+Hauser products. This flaw can lead to a heap buffer overflow, which may allow remote code execution under certain conditions.

Impact

An attacker exploiting the vulnerability in Wibu CodeMeter Runtime when running in server mode could gain full control of the affected server via network access without any user interaction. In non-networked workstation mode, exploiting the same vulnerability could result in privilege escalation, granting the attacker full administrative access to the workstation.

Affected Product(s)

Product name                              Affected versions
DeviceCare                                <1.07.05
FDM installations                         <1.6.13.10138
FieldCare                                 <2.16.00
Proline Promag 800 OPC UA Connectivity    vers:all/* (all versions)
SupplyCare Enterprise                     <3.14

Vulnerabilities

Published
08.12.2025 10:28
Weakness
Out-of-bounds Write (CWE-787)
Summary

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

References

Mitigation

If possible, configure CodeMeter to run in client-only mode. If server mode is required, restrict access to authorized clients by implementing an access control list.
For Proline Promag 800 OPC UA Connectivity, CodeMeter operates as a server only during license activation. Installation and license activation are managed by Endress+Hauser. If a customer performs manual license activation, it is strongly recommended to limit network access to necessary clients only by using firewalls or equivalent security measures.

Remediation

Endress+Hauser has released updated firmware versions that address this vulnerability. The only exception is Proline Promag 800 OPC UA Connectivity, with the update planned for Q3 2026. Customers are strongly advised to upgrade to the latest fixed version. For assistance, please contact your local Endress+Hauser service center.

Product Fixed Version
DeviceCare 1.07.05
FDM installations 1.6.13.10138
FieldCare 2.16.00
SupplyCare Enterprise 3.14
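To check an installed-software inventory against the affected and fixed versions listed in this advisory, the following script compares dotted version strings numerically (so that 1.07.05 and 1.7.5 are equal, and 1.6.13.9000 is below 1.6.13.10138) and flags each product as affected, fixed, or not covered. This is an added example written for this page, not a tool from Endress+Hauser or CERT@VDE; the fixed versions are taken from the Remediation table above, and the inventory at the bottom is constructed sample data.

```python
"""Compare installed Endress+Hauser product versions against the fixed
versions in advisory VDE-2025-105. Added example, not part of the advisory;
the sample inventory below is constructed data, not real hosts."""

from typing import Optional

# Fixed versions from the advisory's Remediation table. None means no fixed
# version is available yet (Proline Promag 800 OPC UA Connectivity: all
# versions are affected; the update is planned for Q3 2026).
FIXED_VERSIONS: dict[str, Optional[str]] = {
    "DeviceCare": "1.07.05",
    "FDM installations": "1.6.13.10138",
    "FieldCare": "2.16.00",
    "Proline Promag 800 OPC UA Connectivity": None,
    "SupplyCare Enterprise": "3.14",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version string into an integer tuple so components are
    compared numerically, not lexically ('1.6.13.9000' < '1.6.13.10138').
    Leading zeros are irrelevant ('07' == 7)."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(product: str, installed: str) -> bool:
    """True if the installed version is below the fixed version (the advisory
    lists affected ranges as '<fixed'), or if no fixed version exists yet."""
    fixed = FIXED_VERSIONS[product]
    if fixed is None:
        return True
    a, b = parse_version(installed), parse_version(fixed)
    # Pad the shorter tuple with zeros so '3.14' and '3.14.0' compare equal
    # (a bare tuple comparison would treat the shorter prefix as smaller).
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def check_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Map each product in the inventory to 'affected', 'fixed', or 'unknown'
    (product not covered by this advisory)."""
    result: dict[str, str] = {}
    for product, installed in inventory.items():
        if product not in FIXED_VERSIONS:
            result[product] = "unknown"
        elif is_affected(product, installed):
            result[product] = "affected"
        else:
            result[product] = "fixed"
    return result


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY: dict[str, str] = {
    "DeviceCare": "1.07.04",
    "FieldCare": "2.16.00",
    "FDM installations": "1.6.13.9000",
    "SupplyCare Enterprise": "3.14",
    "Proline Promag 800 OPC UA Connectivity": "2.1.0",
    "Some other tool": "1.0",
}

if __name__ == "__main__":
    for product, status in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:9} {product} {SAMPLE_INVENTORY[product]}")
```

Feed the script the product/version pairs from your software inventory (for example, the uninstall registry entries on Windows hosts) and treat every "affected" entry as a host that still needs the fixed version from the table above; "unknown" entries are products this advisory does not cover.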

Acknowledgments

Endress+Hauser AG thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 08.12.2025 10:00 Initial version