Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-14513 (GCVE-0-2020-14513)
Vulnerability from cvelistv5 – Published: 2020-09-16 19:49 – Updated: 2024-08-04 12:46
VLAI
EPSS
Summary
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
Severity
No CVSS data available.
CWE
- CWE-20 - IMPROPER INPUT VALIDATION CWE-20
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CodeMeter",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 6.81"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T19:49:37.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CodeMeter",
"version": {
"version_data": [
{
"version_value": "All versions prior to 6.81"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14513",
"datePublished": "2020-09-16T19:49:37.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-14513",
"date": "2026-05-30",
"epss": "0.00258",
"percentile": "0.49368"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-14513\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2020-09-16T20:15:13.473\",\"lastModified\":\"2024-11-21T05:03:25.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.\"},{\"lang\":\"es\",\"value\":\"CodeMeter (todas las versiones anteriores a 6.81) y el software que lo usa pueden bloquearse al procesar un archivo de licencia espec\u00edficamente dise\u00f1ado debido a campos de longitud no verificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.81\",\"matchCriteriaId\":\"187785AF-56CD-4BC7-8A5B-9E075E47C753\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
SSA-455843
Vulnerability from csaf_siemens - Published: 2020-09-08 00:00 - Updated: 2022-02-17 00:00Summary
SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Notes
Summary: CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.
The vulnerabilities are described in the section "Vulnerability Classification" below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
10.0 (Critical)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Information Server 2019
Siemens / SIMATIC Information Server 2019
|
Version 2019 SP1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC WinCC OA
Siemens / SIMATIC WinCC OA
|
< V3.17 P007 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEC INS
Siemens / SINEC INS
|
< V1.0 SP1 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
CWE-20
- Improper Input Validation
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEMA Remote Connect
Siemens / SINEMA Remote Connect
|
< V3.0 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
CWE-347
- Improper Verification of Cryptographic Signature
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEMA Remote Connect
Siemens / SINEMA Remote Connect
|
< V3.0 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
9.4 (Critical)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Information Server 2019
Siemens / SIMATIC Information Server 2019
|
Version 2019 SP1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC WinCC OA
Siemens / SIMATIC WinCC OA
|
< V3.17 P007 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEC INS
Siemens / SINEC INS
|
< V1.0 SP1 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
CWE-346
- Origin Validation Error
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Information Server 2019
Siemens / SIMATIC Information Server 2019
|
Version 2019 SP1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC WinCC OA
Siemens / SIMATIC WinCC OA
|
< V3.17 P007 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEC INS
Siemens / SINEC INS
|
< V1.0 SP1 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEMA Remote Connect
Siemens / SINEMA Remote Connect
|
< V3.0 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PSS CAPE Protection Simulation Platform
Siemens / PSS CAPE Protection Simulation Platform
|
CAPE 14 installations installed from material dated earlier than 2020-09-15 |
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SICAM 230
Siemens / SICAM 230
|
vers:all/* |
Mitigation
Mitigation
No Fix Planned
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Information Server 2019
Siemens / SIMATIC Information Server 2019
|
Version 2019 SP1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC PCS neo
Siemens / SIMATIC PCS neo
|
< V3.0 SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
Siemens / SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)
|
< SP1 Update 1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMATIC WinCC OA
Siemens / SIMATIC WinCC OA
|
< V3.17 P007 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SIMIT Simulation Platform
Siemens / SIMIT Simulation Platform
|
>= V10.0 and < V10.2 Upd1 |
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SINEC INS
Siemens / SINEC INS
|
< V1.0 SP1 |
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
References
42 references
Acknowledgments
Cybersecurity and Infrastructure Security Agency (CISA)
Bundesamt für Sicherheit in der Informationstechnik (BSI)
WIBU Systems CERT
{
"document": {
"acknowledgments": [
{
"organization": "Cybersecurity and Infrastructure Security Agency (CISA)",
"summary": "coordination efforts"
},
{
"organization": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI)",
"summary": "coordination efforts"
},
{
"organization": "WIBU Systems CERT",
"summary": "coordination efforts"
}
],
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.\n\nThe vulnerabilities are described in the section \"Vulnerability Classification\" below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"category": "self",
"summary": "SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-455843.txt"
},
{
"category": "self",
"summary": "SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-455843.json"
}
],
"title": "SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products",
"tracking": {
"current_release_date": "2022-02-17T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-455843",
"initial_release_date": "2020-09-08T00:00:00Z",
"revision_history": [
{
"date": "2020-09-08T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2020-10-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added PSS CAPE Protection Simulation Platform; added solution by software update for SIMATIC WinCC OA; added solution by installation of latest CodeMeter Runtime version for SIMIT, SINEC INS, and PSS CAPE"
},
{
"date": "2020-11-10T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added SICAM 230"
},
{
"date": "2021-01-12T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Updated solutions for PCS neo and SPPA T3000 (with fixes for the open CVEs)"
},
{
"date": "2021-02-09T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Updated solution for SPPA S3000 (with fixes for the open CVEs)"
},
{
"date": "2021-03-09T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Updated solution for SINEC INS and SINEMA Remote Connect"
},
{
"date": "2021-04-13T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Updated solution for PSS CAPE and SIMIT"
},
{
"date": "2022-02-17T00:00:00Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Moved products from Siemens Energy to separate advisory SSA-455844"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "CAPE 14 installations installed from material dated earlier than 2020-09-15",
"product": {
"name": "PSS CAPE Protection Simulation Platform",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "PSS CAPE Protection Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICAM 230",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SICAM 230"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Version 2019 SP1",
"product": {
"name": "SIMATIC Information Server 2019",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC Information Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.0 SP1 Update 1",
"product": {
"name": "SIMATIC PCS neo",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC PCS neo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c SP1 Update 1",
"product": {
"name": "SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.17 P007",
"product": {
"name": "SIMATIC WinCC OA",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V10.0 and \u003c V10.2 Upd1",
"product": {
"name": "SIMIT Simulation Platform",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMIT Simulation Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V1.0 SP1",
"product": {
"name": "SINEC INS",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SINEC INS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.0",
"product": {
"name": "SINEMA Remote Connect",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
"references": [
{
"summary": "CVE-2020-14509 - SIMATIC Information Server 2019",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14509 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14509 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14509 - SIMATIC WinCC OA",
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"summary": "CVE-2020-14509 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-14509 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"summary": "CVE-2020-14509 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14509.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to Information Server 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P007 or later version",
"product_ids": [
"6"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP1 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "CodeMeter and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
"references": [
{
"summary": "CVE-2020-14513 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14513 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14513 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-14513 - SINEMA Remote Connect",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"summary": "CVE-2020-14513 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14513.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"9"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"4",
"5",
"7",
"9"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "summary",
"text": "There is an issue in the license-file signature checking mechanism, which could allow attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
"references": [
{
"summary": "CVE-2020-14515 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14515 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14515 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-14515 - SINEMA Remote Connect",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"summary": "CVE-2020-14515 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14515.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"9"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"4",
"5",
"7",
"9"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"4",
"5",
"7",
"9"
]
}
],
"title": "CVE-2020-14515"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "Protocol encryption can be easily broken and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
"references": [
{
"summary": "CVE-2020-14517 - SIMATIC Information Server 2019",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14517 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14517 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14517 - SIMATIC WinCC OA",
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"summary": "CVE-2020-14517 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-14517 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"summary": "CVE-2020-14517 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14517.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to Information Server 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P007 or later version",
"product_ids": [
"6"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP1 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability could allow an attacker to use an internal API via a specifically crafted Java Script payload, which may allow alteration or creation of license files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
"references": [
{
"summary": "CVE-2020-14519 - SIMATIC Information Server 2019",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14519 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14519 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-14519 - SIMATIC WinCC OA",
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"summary": "CVE-2020-14519 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-14519 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"summary": "CVE-2020-14519 - SINEMA Remote Connect",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"summary": "CVE-2020-14519 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14519.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to Information Server 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P007 or later version",
"product_ids": [
"6"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"8",
"9"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP1 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793790/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "An attacker could send a specially crafted packet that could have the server send back packets containing data from the heap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
"references": [
{
"summary": "CVE-2020-16233 - SIMATIC Information Server 2019",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-16233 - SIMATIC PCS neo",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-16233 - SIMATIC Process Historian 2019 (incl. Process Historian OPC UA Server)",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"summary": "CVE-2020-16233 - SIMATIC WinCC OA",
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"summary": "CVE-2020-16233 - SIMIT Simulation Platform",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"summary": "CVE-2020-16233 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"summary": "CVE-2020-16233 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-16233.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "CAPE 14 installations installed from material dated 2020-09-15 or later are not affected, as they contain a fixed version of CodeMeter Runtime",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "If CAPE 14 was initially installed using earlier material, see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"1"
]
},
{
"category": "mitigation",
"details": "Update to SICAM 230 V8.00 or later version. Install WIBU Systems CodeMeter Runtime V7.10a to fix all issues",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "See also the recommendations from section Workarounds and Mitigations",
"product_ids": [
"2"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"2"
]
},
{
"category": "vendor_fix",
"details": "Update to Information Server 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.0 SP1 Update 1 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to Process Historian 2019 SP1 Update 1 contained in PCS neo V3.0 SP1 Update 1",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109784449/"
},
{
"category": "vendor_fix",
"details": "Update to V3.17 P007 or later version",
"product_ids": [
"6"
],
"url": "https://www.winccoa.com/downloads/category/versions-patches.html"
},
{
"category": "vendor_fix",
"details": "Update to V10.2 Upd1 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109794248/"
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"7",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0 SP1 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109793469/"
},
{
"category": "mitigation",
"details": "All products affected by CVE-2020-14513 or CVE-2020-14515: Do not import license files from untrusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMATIC WinCC OA V3.17:\n\nUpdate to V3.17 P007 or later version to fix all issues. For patch levels \u003c P007, the following measures apply:\n\nCVE-2020-14509, CVE-2020-14517, and CVE-2020-16233 are already mitigated by default, as no external connections to port 22350/tcp are allowed. Additionally, an update to SIMATIC WinCC OA version V3.17 P006 partially fixes CVE-2020-14517.\n\nCVE-2020-14519: Disable the WebSockets API of CodeMeter Runtime.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SIMIT Simulation Platform (Versions \u003e= V10.0 and \u003c V10.2 Upd1):\n\nTo fix all issues for existing installations, update CodeMeter Runtime to V7.10a: Download from the WIBU Systems User Software website and install on the SIMIT system.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SINEC INS (Versions \u003c V1.0 SP1 only):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package \"CodeMeter User Runtime for Linux, version 7.10a, Driver-only\" from the WIBU Systems User Software website. Install it on the system which runs SINEC INS by executing the following command:\n\nsudo dpkg --force-depends --force-confnew -i codemeter-lite_7.10.4196.501_amd64.deb",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "PSS CAPE Protection Simulation Platform (if initally installed from material dated earlier than 2020-09-15):\n\nUpdate CodeMeter Runtime to V7.10a: Download the package from https://www.psscape.com/codemeter and install it the same way as previous versions documented in the PSS CAPE 14 Installation Manual.\n\nContact PSS\u00aeCAPE Support at psscape.support.energy@siemens.com if you need assistance with patching affected systems.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "SICAM 230\n\nTo fix all issues for existing installations, update SICAM 230 to V8.00 or later version. Then update CodeMeter Runtime to V7.10a: Download the package from WIBU Systems User Software website. Install it on SICAM 230 systems according to the procedure documented in chapter 9 of COPA-DATA Security Vulnerability Announcement 2020_1.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"title": "CVE-2020-16233"
}
]
}
VAR-202009-0319
Vulnerability from variot - Updated: 2024-11-23 20:38CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
},
{
"model": "process historian",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic pcs neo",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"cve": "CVE-2020-14513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51244",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14513",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-14513",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14513",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"id": "VAR-202009-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 1.42845470375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
]
},
"last_update_date": "2024-11-23T20:38:38.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Improper input verification vulnerabilities in multiple Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/233338"
},
{
"title": "ARC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127904"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14513"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"date": "2020-09-16T20:15:13.473000",
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2022-03-15T05:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
},
{
"date": "2024-11-21T05:03:25.957000",
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
}
}
VDE-2020-031
Vulnerability from csaf_endresshauserag - Published: 2020-10-27 13:10 - Updated: 2025-05-14 13:00Summary
Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities
Notes
Summary: For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html and the aforementioned CVE-IDs.
Impact: For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html external link and the aforementioned CVE-IDs.
Mitigation: Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Remedation: WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Vendor Fix
WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support
Mitigation
Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
References
3 references
Acknowledgments
Claroty
Sharon Brizinov
Tal Keren
CERT@VDE
CISA
BSI
{
"document": {
"acknowledgments": [
{
"names": [
"Sharon Brizinov",
"Tal Keren"
],
"organization": "Claroty",
"summary": "reported"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"organization": "CISA",
"summary": "coordination"
},
{
"organization": "BSI",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html and the aforementioned CVE-IDs.",
"title": "Summary"
},
{
"category": "description",
"text": "For further Information please refer to WIBU Advisories directly at https://wibu.com/support/security-advisories.html external link and the aforementioned CVE-IDs.",
"title": "Impact"
},
{
"category": "description",
"text": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"title": "Mitigation"
},
{
"category": "description",
"text": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support",
"title": "Remedation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@endress.com",
"name": "Endress+Hauser AG",
"namespace": "https://www.endress.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-031: Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-031/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Endress+Hauser AG",
"url": "https://certvde.com/de/advisories/vendor/endress+hauser/"
},
{
"category": "self",
"summary": "VDE-2020-031: Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities - CSAF",
"url": "https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-031.json"
}
],
"title": "Endress+Hauser: Multiple products prone to WIBU CodeMeter vulnerabilities",
"tracking": {
"aliases": [
"VDE-2020-031"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-04-11T08:10:32.428Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2020-031",
"initial_release_date": "2020-10-27T13:10:00.000Z",
"revision_history": [
{
"date": "2020-10-27T13:10:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: added self-reference"
},
{
"date": "2025-04-11T07:00:00.000Z",
"number": "3",
"summary": "Fix: version range, remove Issuing authority"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "4",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "1.02\u003c=1.07",
"product": {
"name": "Software DeviceCare 1.02\u003c=1.07",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"SFE 100"
]
}
}
}
],
"category": "product_name",
"name": "DeviceCare"
},
{
"branches": [
{
"category": "product_version",
"name": "2.15.00",
"product": {
"name": "Software FieldCare 2.15.00",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"SFE 500"
]
}
}
}
],
"category": "product_name",
"name": "FieldCare"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.4.0\u003c=1.5.1",
"product": {
"name": "Software Field Data Manager 1.4.0\u003c=1.5.1",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"MS20",
"MS21"
]
}
}
}
],
"category": "product_name",
"name": "Field Data Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.03\u003c=1.05",
"product": {
"name": "Software FieldXpert 1.03\u003c=1.05",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"SMT70",
"SMT77"
]
}
}
}
],
"category": "product_name",
"name": "FieldXpert"
},
{
"branches": [
{
"category": "product_version",
"name": "1.2.0",
"product": {
"name": "Software OPC UA Connectivity Server 1.2.0",
"product_id": "CSAFPID-51005"
}
}
],
"category": "product_name",
"name": "OPC UA Connectivity Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0\u003c=3.3",
"product": {
"name": "Software SupplyCare Enterprise 3.0\u003c=3.3",
"product_id": "CSAFPID-51006",
"product_identification_helper": {
"model_numbers": [
"SCE30B",
"SCE31B",
"SCE32B"
]
}
}
}
],
"category": "product_name",
"name": "SupplyCare Enterprise"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Endress+Hauser"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.10.",
"product": {
"name": "Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-51007"
}
},
{
"category": "product_version",
"name": "7.10a",
"product": {
"name": "Software Codemeter 7.10a",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "Codemeter"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Wibu-Systems"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "external_component_of",
"full_product_name": {
"name": "Software DeviceCare 1.02\u003c=1.07 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software FieldCare 2.15.00 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-51002",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software Field Data Manager 1.4.0\u003c=1.5.1 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51003",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software FieldXpert 1.03\u003c=1.05 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-51004",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software OPC UA Connectivity Server 1.2.0 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-51005",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software SupplyCare Enterprise 3.0\u003c=3.3 external component of Software Codemeter \u003c=7.10.",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-51006",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software DeviceCare 1.02\u003c=1.07 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-52008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software FieldCare 2.15.00 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-51002",
"relates_to_product_reference": "CSAFPID-52008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software Field Data Manager 1.4.0\u003c=1.5.1 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-51003",
"relates_to_product_reference": "CSAFPID-52008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software FieldXpert 1.03\u003c=1.05 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-51004",
"relates_to_product_reference": "CSAFPID-52008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software OPC UA Connectivity Server 1.2.0 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-51005",
"relates_to_product_reference": "CSAFPID-52008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software SupplyCare Enterprise 3.0\u003c=3.3 external component of Software Codemeter 7.10a",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-51006",
"relates_to_product_reference": "CSAFPID-52008"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "\nMultiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "\nThis vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WIBU SYSTEMS has released a new Code Meter Runtime version 7.10a dated on 16.9.2020. All the known vulnerabilities are fixed with this version. The version is available at https://www.wibu.com/support ",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "Most vulnerabilities have already been fixed in the current Code Meter versions 7.10. Use of this version requires additional mitigation measures to fix all CVEs. For detailed information please refer to WIBU SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14515"
}
]
}
VDE-2020-032
Vulnerability from csaf_wagogmbhcokg - Published: 2020-09-09 06:23 - Updated: 2025-05-14 12:28Summary
WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT
Notes
Summary: Multiple vulnerabilties were reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT installation. All currently existing e!COCKPIT installation bundles contain vulnerable versions of WIBU-SYSTEMS Codemeter.
Impact: WAGO controllers and IO-Devices are not affected by WIBU-SYSTEMS Codemeter vulnerabilities.
However, due to compatibility reasons to the 3S Codesys Store, the e!COCKPIT engineering software is bundled with a WIBU-SYSTEMS Codemeter installation.
Solution: We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.
During the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.
WAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.
Mitigation: Use general security best practices to protect systems from local and network attacks.
Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.
Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.
For further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website.
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software e!COCKPIT engineering software installation bundles <V1.8
Wago / Software / e!COCKPIT engineering software installation bundles
|
<V1.8 |
Vendor Fix
Mitigation
|
References
3 references
Acknowledgments
Claroty
Sharon Brizinov
Tal Keren
CERT@VDE
CISA
BSI
{
"document": {
"acknowledgments": [
{
"names": [
"Sharon Brizinov",
"Tal Keren"
],
"organization": "Claroty",
"summary": "reporting"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"organization": "CISA",
"summary": "coordination"
},
{
"organization": "BSI",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilties were reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT installation. All currently existing e!COCKPIT installation bundles contain vulnerable versions of WIBU-SYSTEMS Codemeter.",
"title": "Summary"
},
{
"category": "description",
"text": "WAGO controllers and IO-Devices are not affected by WIBU-SYSTEMS Codemeter vulnerabilities.\nHowever, due to compatibility reasons to the 3S Codesys Store, the e!COCKPIT engineering software is bundled with a WIBU-SYSTEMS Codemeter installation.",
"title": "Impact"
},
{
"category": "description",
"text": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"title": "Solution"
},
{
"category": "description",
"text": "Use general security best practices to protect systems from local and network attacks.\nDisable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\nRun WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website. ",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-032: WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-032/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/de/advisories/vendor/wago/"
},
{
"category": "self",
"summary": "VDE-2020-032: WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-032.json"
}
],
"title": "WAGO: Vulnerable WIBU-SYSTEMS Codemeter installed through e!COCKPIT",
"tracking": {
"aliases": [
"VDE-2020-032"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-10-28T12:08:09.424Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.13"
}
},
"id": "VDE-2020-032",
"initial_release_date": "2020-09-09T06:23:00.000Z",
"revision_history": [
{
"date": "2020-09-09T06:23:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: added self-reference"
},
{
"date": "2025-02-12T16:48:47.000Z",
"number": "3",
"summary": "Fix: corrected self-reference, fixed version"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "4",
"summary": "Fix: removed ia, added distribution"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.8",
"product": {
"name": "Software e!COCKPIT engineering software installation bundles \u003cV1.8",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "e!COCKPIT engineering software installation bundles"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Wago"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-03.pdf ",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-04.pdf ",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-05.pdf ",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-02.pdf ",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-01.pdf",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "We strongly encourage e!COCKPIT users to update WIBU-SYSTEMS Codemeter by installing the latest available stand-alone WIBU-SYSTEMS Codemeter Version.\nDuring the WIBU-SYSTEMS Codemeter installation process, refer to the recommended setup settings according to the WIBU-SYSTEMS advisories, a brief summary is provided in the chapter mitigation. Please check for updates and details that may not be included in this document.\nWAGO will provide an updated e!COCKPIT setup routine with the latest WIBU-SYSTEMS Codemeter version approximately in Q4/2020.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Disable the WIBU-SYSTEMS CodeMeter Runtime WebSockets API.\n3. Run WIBU-SYSTEMS CodeMeter only as client and use localhost as binding for the WIBU-SYSTEMS CodeMeter communication. If you need to operate WIBU-SYSTEMS CodeMeter Runtime as Network License Server please make sure that it is operated in a secure environment.\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at \nhttps://www.wibu.com/support/security-advisories.html \n\nFurther details on the corresponding CVEs can be obtained here:\nhttps://www.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-200521-06.pdf ",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14515"
}
]
}
VDE-2020-033
Vulnerability from csaf_pilzgmbhcokg - Published: 2020-09-10 13:18 - Updated: 2025-05-14 12:28Summary
Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities
Notes
Summary: A number of Pilz software tools use the Software CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to change and falsify a licence file, prevent normal operation of Code- Meter (Denial-of-Service) and potentially execute arbitrary code.
Impact: The stated Pilz products are supplied with the WIBU Software CodeMeter Runtime Software in Ver- sions lower than v6.90, which contain a number of vulnerabilities. One of the vulnerabilities enables further vulnerabilities to be exploited via the network.
Remediation: Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if Software CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
7.5 (High)
Vendor Fix
Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer's website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html
Only use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.
Pilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
References
3 references
Acknowledgments
Claroty
Sharon Brizinov
Tal Keren
CERT@VDE
CISA
BSI
WIBU-Systems
{
"document": {
"acknowledgments": [
{
"names": [
"Sharon Brizinov",
"Tal Keren"
],
"organization": "Claroty",
"summary": "discovered and reported"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"organization": "CISA",
"summary": "coordination"
},
{
"organization": "BSI",
"summary": "coordination"
},
{
"organization": "WIBU-Systems"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A number of Pilz software tools use the Software CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to change and falsify a licence file, prevent normal operation of Code- Meter (Denial-of-Service) and potentially execute arbitrary code.",
"title": "Summary"
},
{
"category": "description",
"text": "The stated Pilz products are supplied with the WIBU Software CodeMeter Runtime Software in Ver- sions lower than v6.90, which contain a number of vulnerabilities. One of the vulnerabilities enables further vulnerabilities to be exploited via the network.",
"title": "Impact"
},
{
"category": "description",
"text": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz"
},
{
"category": "self",
"summary": "VDE-2020-033: Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-033/"
},
{
"category": "self",
"summary": "VDE-2020-033: Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-033.json"
}
],
"title": "Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities",
"tracking": {
"aliases": [
"VDE-2020-033"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-09-30T11:36:52.290Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.12"
}
},
"id": "VDE-2020-033",
"initial_release_date": "2020-09-10T13:18:00.000Z",
"revision_history": [
{
"date": "2020-09-10T13:18:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, removed ia, firmware category, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=V3 3.5.12",
"product": {
"name": "Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "CODESYS DevSys"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.0",
"product": {
"name": "Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "Live Video Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.21.1",
"product": {
"name": "Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-51003"
}
}
],
"category": "product_name",
"name": "PAS4000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.3",
"product": {
"name": "Software PASloto \u003c=1.1.3",
"product_id": "CSAFPID-51004"
}
}
],
"category": "product_name",
"name": "PASloto"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.9.0",
"product": {
"name": "Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-51005"
}
}
],
"category": "product_name",
"name": "PASvisu"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.3.0",
"product": {
"name": "Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-51006"
}
}
],
"category": "product_name",
"name": "PNOZsigma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.0.1",
"product": {
"name": "Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-51007"
}
}
],
"category": "product_name",
"name": "SafetyEYE"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "PILZ"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.90",
"product": {
"name": "Software CodeMeter Runtime \u003c6.90",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": "7.10",
"product": {
"name": "Software CodeMeter Runtime 7.10",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "CodeMeter Runtime"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "WIBU"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51001"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51002"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51003"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software CodeMeter Runtime \u003c6.90",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51005"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51001"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51002"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51003"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PASloto \u003c=1.1.3",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51004"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51005"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51007"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12499",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-12499"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if Software CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network ser- vices of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14515"
}
]
}
VDE-2021-055
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities
Notes
Summary: The software product PMC programming tool from Pilz is based on the software CODESYS Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
Impact: In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
General countermeasures: Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Product-specific countermeasures: No product-specific countermeasures available, please follow the generalcountermeasures or migrate your application to the CODESYS V3 runtime system.
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 2.x.x vers:all/*
Pilz / Software / PMC programming tool 2.x.x
|
vers:all/* |
None Available
|
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2021-055/ | self |
| https://pilz.csaf-tp.certvde.com/.well-known/csaf… | self |
| https://www.pilz.com | external |
| https://certvde.com/en/advisories/vendor/pilz/ | external |
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The software product PMC programming tool from Pilz is based on the software CODESYS Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Summary"
},
{
"category": "description",
"text": "In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Impact"
},
{
"category": "general",
"text": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"title": "General countermeasures"
},
{
"category": "general",
"text": "No product-specific countermeasures available, please follow the generalcountermeasures or migrate your application to the CODESYS V3 runtime system.",
"title": "Product-specific countermeasures"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-055: Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-055/"
},
{
"category": "self",
"summary": "VDE-2021-055: Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-055.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pilz.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: PMC programming tool 2.x.x affected by multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-055"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-05T11:58:19.145Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2021-055",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PMC programming tool 2.x.x vers:all/*",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "PMC programming tool 2.x.x"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34596",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "description",
"text": "A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-34596"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14515"
},
{
"cve": "CVE-2021-34593",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-34593"
},
{
"cve": "CVE-2021-34595",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-34595"
},
{
"cve": "CVE-2019-16265",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "none_available",
"details": "No product-specific countermeasures available, please follow the general\ncountermeasures or migrate your application to the CODESYS V3 runtime system.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-16265"
}
]
}
VDE-2021-061
Vulnerability from csaf_pilzgmbhcokg - Published: 2022-04-26 10:00 - Updated: 2022-04-26 10:00Summary
Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities
Notes
Summary: The software product PMC programming tool from Pilz is based on the software CODESYS Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
Impact: In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.
Mitigation: Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.
Use a virus scanner or other measures to protect against malware.
Only use CODESYS libraries and archives from trusted sources.
Remediation: Installation of the software version 3.5.17
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.5.17
Pilz / Software / PMC programming tool 3.x.x
|
3.5.17 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PMC programming tool 3.x.x 3.0.0 <= 3.5.15
Pilz / Software / PMC programming tool 3.x.x
|
3.0.0<=3.5.15 |
Mitigation
Vendor Fix
|
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The software product PMC programming tool from Pilz is based on the software CODESYS\u00a0Development System from CODESYS GmbH. This software is affected by several vulnerabilities, which an attacker can exploit locally or via the network. This means that, in a worst\u00a0case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Summary"
},
{
"category": "description",
"text": "In a worst case, attackers could execute arbitrary program code on the PC on which the PMC programming tool is used.",
"title": "Impact"
},
{
"category": "description",
"text": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Installation of the software version 3.5.17",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-061: Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-061/"
},
{
"category": "self",
"summary": "VDE-2021-061: Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-061.json"
},
{
"category": "external",
"summary": "Pilz PSIRT",
"url": "https://www.pilz.com/en-INT/products/industrial-security/security-incident-management"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: PMC programming tool 3.x.x affected by multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-061"
],
"current_release_date": "2022-04-26T10:00:00.000Z",
"generator": {
"date": "2025-05-05T09:34:10.920Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2021-061",
"initial_release_date": "2022-04-26T10:00:00.000Z",
"revision_history": [
{
"date": "2022-04-26T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.5.15",
"product": {
"name": "PMC programming tool 3.x.x 3.0.0 \u003c= 3.5.15",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "3.5.17",
"product": {
"name": "PMC programming tool 3.x.x 3.5.17",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "PMC programming tool 3.x.x"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2019-13538",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-13538"
},
{
"cve": "CVE-2021-29240",
"notes": [
{
"category": "description",
"text": "The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29240"
},
{
"cve": "CVE-2021-29239",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29239"
},
{
"cve": "CVE-2021-21869",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21869"
},
{
"cve": "CVE-2021-21868",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21868"
},
{
"cve": "CVE-2021-21867",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21867"
},
{
"cve": "CVE-2021-21866",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21866"
},
{
"cve": "CVE-2021-21865",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21865"
},
{
"cve": "CVE-2021-21864",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21864"
},
{
"cve": "CVE-2021-21863",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-21863"
},
{
"cve": "CVE-2019-9009",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9009"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14515"
},
{
"cve": "CVE-2019-9011",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9011"
},
{
"cve": "CVE-2019-9013",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-9013"
},
{
"cve": "CVE-2020-12067",
"cwe": {
"id": "CWE-640",
"name": "Weak Password Recovery Mechanism for Forgotten Password"
},
"notes": [
{
"category": "description",
"text": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user\u0027s password may be changed by an attacker without knowledge of the current password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-12067"
},
{
"cve": "CVE-2020-12069",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-12069"
},
{
"cve": "CVE-2020-6081",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "description",
"text": "An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-6081"
},
{
"cve": "CVE-2021-36764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-36764"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-7052",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-7052"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2021-29241",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29241"
},
{
"cve": "CVE-2021-29242",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-29242"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2019-5105",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use a hardware firewall, host-based firewall or comparable measures at network level toprotect against unauthorised network communication with the PC.\nUse a virus scanner or other measures to protect against malware.\nOnly use CODESYS libraries and archives from trusted sources.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Installation of the software version 3.5.17",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2019-5105"
}
]
}
VDE-2020-034
Vulnerability from csaf_pepperlfuchsse - Published: 2020-09-10 13:22 - Updated: 2020-09-10 13:22Summary
Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components
Notes
Summary: Several vulnerabilities have been discovered in the utilized component WIBU-SYSTEMS CodeMeter Runtime.
For detailed information please refer to WIBU-SYSTEMS original Advisories at https://wibu.com/support/security-advisories.html
Impact: Pepperl+Fuchs analyzed and identified affected products.Products are affected according to WIBU-Systems classification.
Remediation: For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 or newer.
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Mitigation: In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31008 | — |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — |
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
<p>Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.</p>
9.8 (Critical)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32004 | — |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
<p>This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.</p>
7.5 (High)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32004 | — |
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
<p>CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.</p>
7.5 (High)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
<p>Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.</p>
9.8 (Critical)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
<p>CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.</p>
7.5 (High)
Mitigation
In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.
Vendor Fix
For VMT MSS
Update to WIBU Systems CodeMeter Runtime 7.10 .
For VMT IS
Please contact VMT GmbH to receive support for the product update process.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32002 | — |
References
4 references
Acknowledgments
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Tal Keren",
"Sharon Brizinov"
],
"organization": "Claroty",
"summary": "reporting"
},
{
"organization": "WIBU-Systems",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several vulnerabilities have been discovered in the utilized component WIBU-SYSTEMS CodeMeter Runtime.\nFor detailed information please refer to WIBU-SYSTEMS original Advisories at\u00a0https://wibu.com/support/security-advisories.html",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected products.Products are affected according to WIBU-Systems classification.",
"title": "Impact"
},
{
"category": "description",
"text": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 or newer.\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"title": "Remediation"
},
{
"category": "description",
"text": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-034: Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components - HTML",
"url": "https://certvde.com/en/advisories/VDE-2020-034/"
},
{
"category": "self",
"summary": "VDE-2020-034: Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-034.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.pepperl-fuchs.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs SE",
"url": "https://certvde.com/en/advisories/vendor/pepperl-fuchs/"
}
],
"title": "Pepperl+Fuchs: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components",
"tracking": {
"aliases": [
"VDE-2020-034"
],
"current_release_date": "2020-09-10T13:22:00.000Z",
"generator": {
"date": "2025-06-30T07:35:02.211Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.29"
}
},
"id": "VDE-2020-034",
"initial_release_date": "2020-09-10T13:22:00.000Z",
"revision_history": [
{
"date": "2020-09-10T13:22:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.81",
"product": {
"name": "CodeMeter Runtime \u003c6.81",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version_range",
"name": "\u003c6.90",
"product": {
"name": "CodeMeter Runtime \u003c6.90",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version_range",
"name": "\u003c7.10",
"product": {
"name": "CodeMeter Runtime \u003c7.10",
"product_id": "CSAFPID-51003"
}
},
{
"category": "product_version_range",
"name": "\u003c7.10a",
"product": {
"name": "CodeMeter Runtime \u003c7.10a",
"product_id": "CSAFPID-51004"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "CodeMeter Runtime vers:all/*",
"product_id": "CSAFPID-51005"
}
},
{
"category": "product_version",
"name": "6.81",
"product": {
"name": "CodeMeter Runtime 6.81",
"product_id": "CSAFPID-52001"
}
},
{
"category": "product_version",
"name": "6.90",
"product": {
"name": "CodeMeter Runtime 6.90",
"product_id": "CSAFPID-52002"
}
},
{
"category": "product_version",
"name": "7.10",
"product": {
"name": "CodeMeter Runtime 7.10",
"product_id": "CSAFPID-52003"
}
},
{
"category": "product_version",
"name": "7.10a",
"product": {
"name": "CodeMeter Runtime 7.10a",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "CodeMeter Runtime"
}
],
"category": "product_family",
"name": "Software"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MSS",
"product": {
"name": "VMT Software MSS",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_name",
"name": "IS",
"product": {
"name": "VMT Software IS",
"product_id": "CSAFPID-51007"
}
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "VMT"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c6.81 installed with VMT Software MSS",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c6.90 installed with VMT Software MSS",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-51002",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c7.10 installed with VMT Software MSS",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51003",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c7.10a installed with VMT Software MSS",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-51004",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime vers:all/* installed with VMT Software MSS",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-51005",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c6.81 installed with VMT Software IS",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c6.90 installed with VMT Software IS",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-51002",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c7.10 installed with VMT Software IS",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-51003",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime \u003c7.10a installed with VMT Software IS",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-51004",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime vers:all/* installed with VMT Software IS",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-51005",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime 6.81 installed with VMT Software MSS",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime 6.90 installed with VMT Software MSS",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-52002",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime 7.10 installed with VMT Software MSS",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-52003",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "installed_with",
"full_product_name": {
"name": "CodeMeter Runtime 7.10a installed with VMT Software MSS",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-52004",
"relates_to_product_reference": "CSAFPID-51006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31003",
"CSAFPID-31008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31003",
"CSAFPID-31008"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "\u003cp\u003eMultiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.\u003c/p\u003e",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31004",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31004",
"CSAFPID-31009"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "\u003cp\u003eThis vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.\u003c/p\u003e",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32004"
],
"known_affected": [
"CSAFPID-31004",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31004",
"CSAFPID-31009"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "\u003cp\u003eCodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.\u003c/p\u003e",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "\u003cp\u003eProtocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.\u003c/p\u003e",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31005",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31005",
"CSAFPID-31010"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
},
{
"category": "description",
"text": "\u003cp\u003eCodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.\u003c/p\u003e",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31002",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "mitigation",
"details": "In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For VMT MSS\nUpdate to WIBU Systems CodeMeter Runtime 7.10 .\n\n\nFor VMT IS\nPlease contact VMT GmbH to receive support for the product update process.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31002",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14515"
}
]
}
VDE-2020-039
Vulnerability from csaf_trumpfsecokg - Published: 2020-10-27 10:28 - Updated: 2025-05-14 12:36Summary
TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities
Notes
Summary: A number of TRUMPF CAD/CAM software tools use the CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to prevent normal operation of CodeMeter, resulting in a Denial-of-Service and potentially execute arbitrary code.
Impact: The stated TRUMPF CAD/CAM products are supplied with the WIBU CodeMeter Runtime Software in versions that are known to contain a number of vulnerabilities. We can not confirm at this time whether the use of vulnerable CodeMeter exposes our products to the risks described in the CVEs mentioned above. Nevertheless, we are working to replace the vulnerable versions of CodeMeter with available fixed versions.
Mitigation: - Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TRUMPF CAD/CAM software tools vers:all/*
TRUMPF / Software / TRUMPF CAD/CAM software tools
|
vers:all/* |
Mitigation
|
References
3 references
Acknowledgments
CERT@VDE
Claroty
Tal Keren
Sharon Brizinov
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"names": [
"Tal Keren",
"Sharon Brizinov"
],
"organization": "Claroty",
"summary": "reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A number of TRUMPF CAD/CAM software tools use the CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to prevent normal operation of CodeMeter, resulting in a Denial-of-Service and potentially execute arbitrary code.",
"title": "Summary"
},
{
"category": "description",
"text": "The stated TRUMPF CAD/CAM products are supplied with the WIBU CodeMeter Runtime Software in versions that are known to contain a number of vulnerabilities. We can not confirm at this time whether the use of vulnerable CodeMeter exposes our products to the risks described in the CVEs mentioned above. Nevertheless, we are working to replace the vulnerable versions of CodeMeter with available fixed versions.",
"title": "Impact"
},
{
"category": "description",
"text": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product.security@trumpf.com",
"name": "Trumpf SE + Co. KG",
"namespace": "https://www.trumpf.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for TRUMPF Werkzeugmaschinen SE + Co. KG",
"url": "https://certvde.com/en/advisories/vendor/trumpf/"
},
{
"category": "self",
"summary": "VDE-2020-039: TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2020-039/"
},
{
"category": "self",
"summary": "VDE-2020-039: TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities - CSAF",
"url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-039.json"
}
],
"title": "TRUMPF: Multiple products prone to WIBU CodeMeter vulnerabilities",
"tracking": {
"aliases": [
"VDE-2020-039"
],
"current_release_date": "2025-05-14T12:36:39.000Z",
"generator": {
"date": "2025-03-13T09:30:06.818Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2020-039",
"initial_release_date": "2020-10-27T10:28:00.000Z",
"revision_history": [
{
"date": "2020-10-27T10:28:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T12:36:39.000Z",
"number": "2",
"summary": "Fix: reference category, added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "TRUMPF CAD/CAM software tools vers:all/*",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "TRUMPF CAD/CAM software tools"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "TRUMPF"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14509",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14509"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "description",
"text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-14515"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…