28 July 2017

Multiple vulnerabilities found in popular license manager

Kaspersky Lab ICS CERT has identified multiple remote code execution (RCE) and denial of service (DoS) vulnerabilities in the hasplms service, which is part of Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products.

The vulnerable products are commonly used for license control and management across various business sectors: industrial control systems, financial institutions, banking solutions, etc. The vulnerable version of the driver can be installed on a system automatically when a USB license key is plugged in.

The vulnerable hasplms service opens port 1947/tcp, which has a web interface enabled by default. A remote attacker can switch the web admin interface on or off. The RCE vulnerabilities can be exploited remotely through the web admin interface. The DoS vulnerabilities can be exploited when the web admin interface is enabled.

We reported the vulnerabilities to the vendor, which released a private advisory. Customers who have Sentinel LDK RTE (Run-time Environment) versions v2.10 – 7.50 are advised to update to the latest Sentinel LDK RTE component (v 7.55), which was released on May 25, 2017. This update can be found on the Sentinel Downloads site.

To automate the process of analyzing a system for the vulnerabilities described in this article, we created OVAL definitions – special XML files with rules for automatic scanning.

OVAL definitions are available here: KLCERT-17-001, KLCERT-17-002, KLCERT-17-003.
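For a quick triage of an asset inventory against the version range and port given above, the following Python sketch may help; it is an added example, not the OVAL definitions and not vendor or Kaspersky Lab code. It assumes you already hold each host's installed RTE version; the host names, the status labels and the integer treatment of the minor version number are assumptions of this example.

```python
import re
import socket
# Values below are taken from the advisory text.
AFFECTED_MIN, AFFECTED_MAX = (2, 10), (7, 50)  # affected Sentinel LDK RTE range
FIXED = (7, 55)                                # release containing the fix
HASPLMS_PORT = 1947                            # hasplms listens on 1947/tcp

def parse_version(text):
    """Return (major, minor) from strings such as '7.50' or 'v 7.55'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    # Assumption: the minor part is an integer, so 2.10 sorts after 2.9.
    return int(m.group(1)), int(m.group(2))

def classify(version_text):
    v = parse_version(version_text)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "unlisted"  # outside both ranges; the advisory does not cover it

def port_open(host, port=HASPLMS_PORT, timeout=1.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=port_open):
    """inventory: iterable of (host, rte_version) pairs you already hold."""
    actions = {"affected": "update", "fixed": "none", "unlisted": "verify version"}
    findings = []
    for host, version in inventory:
        status = classify(version)
        listening = probe(host)
        action = actions[status]
        if status == "affected" and listening:
            action = "update first: 1947/tcp reachable"
        findings.append((host, status, listening, action))
    return findings

if __name__ == "__main__":
    # Constructed inventory and a stub probe so the demo runs offline.
    sample = [("hmi-01", "7.50"), ("eng-ws", "v 7.55"), ("lab-pc", "7.52")]
    for row in triage(sample, probe=lambda host: host == "hmi-01"):
        print(row)
```

Versions that fall between 7.50 and 7.55, or below 2.10, are reported as "unlisted" rather than guessed, since the advisory names neither as affected or fixed.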