The included version of WibuKey Runtime in WinCC OA, which will be installed when "hardware dongle support" is enabled, has two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level. More information about this can be found at: https://blog.talosintelligence.com/2019 ... ities.html
Wibu Systems already updated the WibuKey Runtime to version 6.50a which patches these vulnerabilities. It can be downloaded from https://www.wibu.com/ .
We tested the new runtime successfully, it can simply be applied upon the existing runtime.
Beginning from mid of February, new patches for WinCC OA will be shipped with the updated version of the WibuKey Runtime.
WinCC OA Support