Vulnerability in WibuKey Runtime included in WinCC OA

Discussion about security topics in WinCC OA!
Search

Post Reply
1 post • Page 1 of 1
User avatar
agruber
Posts: 148
Joined: Tue Sep 07, 2010 12:52 pm

Vulnerability in WibuKey Runtime included in WinCC OA

Post by agruber » Thu Jan 31, 2019 1:48 pm

Dear customer,

The included version of WibuKey Runtime in WinCC OA, which will be installed when "hardware dongle support" is enabled, has two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level. More information about this can be found at: https://blog.talosintelligence.com/2019 ... ities.html

Wibu Systems already updated the WibuKey Runtime to version 6.50a which patches these vulnerabilities. It can be downloaded from https://www.wibu.com/ .

We tested the new runtime successfully, it can simply be applied upon the existing runtime.

Beginning from mid of February, new patches for WinCC OA will be shipped with the updated version of the WibuKey Runtime.

Best regards,
Andreas Gruber
WinCC OA Support

Post Reply
1 post • Page 1 of 1