Researchers discovered six critical flaws in CodeMeter, a software management component licensed by several of the top industrial control system software vendors, such as Rockwell Automation and Siemens. The issue is indicative of larger patch-management challenges in the industrial space, a researcher says. Attackers can target victims with a specially crafted link and remotely communicate with the CodeMeter server located on their machines. The vulnerabilities are in the way CodeMeter parses requests from WebSocket APIs.
Source: https://threatpost.com/critical-industrial-flaws/159448/