VDE-2020-041

Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2020-10-12 09:14 - Updated: 2025-05-14 12:28
Summary
Weidmueller: u-create studio < 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities
Notes
Summary: WIBU-SYSTEMS reports multiple vulnerabilities in its CodeMeter Runtime software. WIBU-SYSTEMS CodeMeter is installed by default as part of the Weidmüller u-create studio installation. Because the u-create studio installation bundle contains vulnerable versions of WIBU-SYSTEMS CodeMeter, u-create studio is affected by a subset of these vulnerabilities. For details refer to section "Impact".
Impact: The stated Weidmüller product is supplied with the WIBU-SYSTEMS CodeMeter Runtime software in version 6.81, which contains the following vulnerabilities:

| WIBU Security Advisory | CVE Number     | Score | Description |
|------------------------|----------------|-------|-------------|
| WIBU-200521-01         | CVE-2020-14513 | 7.5   | Not affected (fixed in 6.81; Weidmüller ships 6.81 or later) |
| WIBU-200521-02         | CVE-2020-14519 | 8.1   | CodeMeter Runtime WebSockets API: Missing Origin Validation |
| WIBU-200521-03         | CVE-2020-14509 | 10.0  | CodeMeter Runtime DoS due to Buffer Access with Incorrect Length Value |
| WIBU-200521-04         | CVE-2020-14517 | 9.4   | CodeMeter Runtime API: Inadequate Encryption Strength and Authentication |
| WIBU-200521-05         | CVE-2020-16233 | 7.5   | CodeMeter Runtime API: Heap Leak |
| WIBU-200521-06         | CVE-2020-14515 | 7.4   | Improper Signature Verification of CmActLicense update files for CmActLicense Firm Code |

Runtime software for Weidmüller controllers is not affected because the critical interfaces are disabled.
Mitigation: Use general security best practices to protect systems from local and network attacks.

For versions prior to 7.10a, run CodeMeter Runtime as client only and bind the CodeMeter communication to localhost. With the binding to localhost, an attack over a remote network connection is no longer possible. This is the default configuration.

If CodeMeter Runtime is required to run as a network server, use the CodeMeter License Access Permissions feature to restrict use of the CodeMeter API.

For further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at https://www.wibu.com/support/security-advisories.html
Remediation:
- For an installed u-create studio: update to the current version 7.10a or newer of the CodeMeter Runtime, available via the manufacturer's website.
- For a new installation of u-create studio: first install u-create studio, then update to the current version 7.10a or newer of the CodeMeter Runtime, available via the manufacturer's website.
Note: Updating the CodeMeter Runtime before installing u-create studio will cause errors during the u-create studio installation.
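The localhost-binding condition in the Mitigation section is something a practitioner will want to verify on the host rather than take on trust. The following is an added example, not code from Weidmüller, CERT@VDE or WIBU-SYSTEMS: it parses `ss -ltnp`-style output and reports listeners on the CodeMeter port that are bound to a non-loopback address. It assumes TCP 22350 is the CodeMeter network server port (the advisory names no port numbers), and the sample socket listing is constructed for illustration, not captured from a real machine.

```python
"""Flag CodeMeter-style listeners that are not bound to localhost.

Added example, not part of the advisory. Assumptions: the CodeMeter network
server port is TCP 22350 (not stated in the advisory), and SAMPLE_SS_OUTPUT is
a constructed `ss -ltnp` listing, not captured from a real host.
"""
import ipaddress
import re
from typing import Iterable, List, NamedTuple

CODEMETER_PORTS = {22350}  # assumption: default CodeMeter network port

# Constructed sample: one IPv4 listener exposed on all interfaces, one IPv6
# loopback-only listener, one unrelated service, one localhost-only extra port.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22350        0.0.0.0:*          users:(("CodeMeterLin",pid=1234,fd=7))
LISTEN  0       128     127.0.0.1:22352      0.0.0.0:*          users:(("CodeMeterLin",pid=1234,fd=8))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=800,fd=3))
LISTEN  0       128     [::1]:22350          [::]:*             users:(("CodeMeterLin",pid=1234,fd=9))
"""


class Listener(NamedTuple):
    address: str
    port: int
    process: str


# Local address column is either "[v6addr]:port" or "v4addr-or-*:port".
_LOCAL_RE = re.compile(r"^(?:\[(?P<v6>[^\]]*)\]|(?P<v4>[^:\s]+)):(?P<port>\d+)$")
_PROC_RE = re.compile(r'\("([^"]+)"')


def parse_ss(text: str) -> List[Listener]:
    """Parse listening sockets from `ss -ltnp` output (header line skipped)."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        m = _LOCAL_RE.match(fields[3])
        if not m:
            continue  # unrecognised address syntax: ignore rather than guess
        address = m.group("v6") if m.group("v6") is not None else m.group("v4")
        proc = _PROC_RE.search(line)
        listeners.append(Listener(address, int(m.group("port")), proc.group(1) if proc else "?"))
    return listeners


def is_loopback(address: str) -> bool:
    """True only for a provable loopback address; '*' or a hostname counts as exposed."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def exposed_listeners(text: str, ports: Iterable[int] = CODEMETER_PORTS) -> List[Listener]:
    """Listeners on the given ports that other hosts could reach."""
    wanted = set(ports)
    return [l for l in parse_ss(text) if l.port in wanted and not is_loopback(l.address)]


if __name__ == "__main__":
    for hit in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed: {hit.process} listening on {hit.address}:{hit.port}")
```

Anything that cannot be proven to be a loopback address (the `*` wildcard some `ss` versions print, a hostname) is treated as exposed, which is the safe direction for a check like this; on a client-only host the expected result is an empty list.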

CVE-2020-14509
Multiple memory corruption vulnerabilities exist in CodeMeter (all versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.

CWE-805 - Buffer Access with Incorrect Length Value
CVSS v3.1 base score 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mitigation
- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.

CVE-2020-14517
Protocol encryption can be easily broken for CodeMeter (all versions prior to 6.90 are affected; version 6.90 or newer is affected only if CodeMeter Runtime is running as a server) when the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

CWE-326 - Inadequate Encryption Strength
CVSS v3.1 base score 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mitigation
- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.

CVE-2020-16233
An attacker could send a specially crafted packet that causes CodeMeter (all versions prior to 7.10) to send back packets containing data from the heap.

CWE-404 - Improper Resource Shutdown or Release
CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Mitigation
- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.

CVE-2020-14519
This vulnerability allows an attacker to use the internal WebSockets API of CodeMeter (all versions prior to 7.00 are affected, as is version 7.0 or newer with the affected WebSockets API still enabled; this is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515.

CWE-346 - Origin Validation Error
CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Mitigation
- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.

CVE-2020-14515
CodeMeter (all versions prior to 6.90, when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a license file that passes as a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.

CWE-347 - Improper Verification of Cryptographic Signature
CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Mitigation
- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.
- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.
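The version ranges in the five descriptions above, the 6.81 runtime named in the Impact section and the 7.10a target in the Remediation section can be combined into a quick exposure check for an installed CodeMeter Runtime. This is an added example, not code from Weidmüller, CERT@VDE or WIBU-SYSTEMS. The fixed-version thresholds and the two configuration caveats (server mode for CVE-2020-14517, WebSockets API enabled for CVE-2020-14519) are taken from the descriptions above; the assumption is that CodeMeter versions are written as major.minor with an optional trailing letter (6.81, 7.00, 7.10a), so that 7.10a sorts after 7.10.

```python
"""Which CVEs from VDE-2020-041 does a given CodeMeter Runtime configuration still carry?

Added example, not part of the advisory. Fixed versions and the two caveats come
from the vulnerability descriptions; the version syntax (major.minor plus an
optional letter, e.g. "7.10a") is an assumption about CodeMeter version strings.
"""
import re
from typing import List, Optional, Tuple

# (CVE, first version stated as fixed, condition under which later versions stay affected)
ADVISORY: List[Tuple[str, str, Optional[str]]] = [
    ("CVE-2020-14513", "6.81", None),          # listed by WIBU; not affected at 6.81 or later
    ("CVE-2020-14515", "6.90", None),          # CmActLicense signature check
    ("CVE-2020-14517", "6.90", "server"),      # 6.90+ still affected when running as server
    ("CVE-2020-14519", "7.00", "websockets"),  # 7.00+ still affected with WebSockets API enabled
    ("CVE-2020-14509", "7.10", None),          # packet parser length checks
    ("CVE-2020-16233", "7.10", None),          # heap data leak
]

SHIPPED_WITH_U_CREATE_STUDIO = "6.81"   # from the Impact section
REMEDIATED_VERSION = "7.10a"            # from the Remediation section

_VER_RE = re.compile(r"^(\d+)\.(\d+)([a-z]?)$")


def parse_version(v: str) -> Tuple[int, int, str]:
    """'7.10a' -> (7, 10, 'a'). Numeric parts compare as integers (7.9 < 7.10) and the
    letter suffix sorts after the bare release, so 7.10a is newer than 7.10."""
    m = _VER_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised CodeMeter version string: {v!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)


def open_cves(installed: str, server_mode: bool = False, websockets_api: bool = False) -> List[str]:
    """CVEs that still apply to the given runtime version and configuration."""
    current = parse_version(installed)
    hits = []
    for cve, fixed, condition in ADVISORY:
        if current < parse_version(fixed):
            hits.append(cve)                      # plain "all versions prior to X"
        elif condition == "server" and server_mode:
            hits.append(cve)                      # fixed version, but the risky mode is on
        elif condition == "websockets" and websockets_api:
            hits.append(cve)
    return hits


def is_remediated(installed: str) -> bool:
    """Meets the advisory's remediation target (7.10a or newer)."""
    return parse_version(installed) >= parse_version(REMEDIATED_VERSION)


if __name__ == "__main__":
    print("as shipped (6.81):", open_cves(SHIPPED_WITH_U_CREATE_STUDIO))
    print("after update (7.10a, client only):", open_cves(REMEDIATED_VERSION))
    print("7.10a as network server:", open_cves(REMEDIATED_VERSION, server_mode=True))
```

Run against the shipped 6.81 runtime, the check returns exactly the five CVEs the Impact table marks as applicable and leaves out CVE-2020-14513; against 7.10a it returns nothing unless the runtime is configured as a network server, in which case CVE-2020-14517 remains, which is why the Mitigation section insists on client-only, localhost-bound operation.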
Acknowledgments
CERT@VDE (coordination)
Claroty: Tal Keren, Sharon Brizinov (reported)

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "names": [
          "Tal Keren",
          "Sharon Brizinov"
        ],
        "organization": "Claroty",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "WIBU-SYSTEMS report multiple vulnerabilities in their CodeMeter Runtime software. As part of the Weidm\u00fcller u-create studio installation the WIBU-SYSTEMS CodeMeter is installed by default. As the u-create studio installation bundle contains vulnerable versions of WIBU-SYSTEMS CodeMeter, the u-create studio is affected by a subset of these vulnerabilities. For details refer to section \"Impact\".",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The stated Weidm\u00fcller product is supplied with the WIBU-SYSTEMS CodeMeter Runtime software in version 6.81, which contains the following vulnerabilities:\n\n| WIBU Security Advisory | CVE Number         | Score | Description |\n|------------------------|--------------------|-------|-------------|\n| WIBU-200521-01        | CVE-2020-14513     | 7.5   | Not affected (Fixed in 6.81. Weidm\u00fcller uses 6.81 at least.) |\n| WIBU-200521-02        | CVE-2020-14519     | 8.1   | CodeMeter Runtime WebSockets API: Missing Origin Validation |\n| WIBU-200521-03        | CVE-2020-14509     | 10.0  | CodeMeter Runtime DoS due to Buffer Access with Incorrect Length Value |\n| WIBU-200521-04        | CVE-2020-14517     | 9.4   | CodeMeter Runtime API: Inadequate Encryption Strength and Authentication |\n| WIBU-200521-05        | CVE-2020-16233     | 7.5   | CodeMeter Runtime API: Heap Leak |\n| WIBU-200521-06        | CVE-2020-14515     | 7.4   | Improper Signature Verification of CmActLicense update files for CmActLicense Firm Code |\n\nRuntime software for Weidm\u00fcller controllers is not affected because the critical interfaces are disabled.\n",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Use general security best practices to protect systems from local and network attacks.\nFor versions prior to 7.10a run CodeMeter Runtime as client only and use localhost as binding for the\nCodeMeter communication. With binding to localhost an attack is no longer possible via remote network\nconnection. This is the default configuration.\nIf CodeMeter Runtime is required to run as network server use the CodeMeter License Access\nPermissions feature to restrict the usage of CodeMeter API.\n\nFor further impact information and risk mitigation, please refer to the official WIBU-SYSTEMS Advisory Website at https://www.wibu.com/support/security-advisories.html",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "- For an installed u-create studio: Update to the current version 7.10a or newer of the CodeMeter Runtime, available via the manufacturer\u0027s website.\n- For a new installation of u-create studio: First install u-create studio, then update to the current version 7.10a or newer of the CodeMeter Runtime available via the manufacturer\u0027s website external link.\nNote: An update of the CodeMeter Runtime before installation of u-create studio will cause errors during installation of u-create studio.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@weidmueller.com",
      "name": "Weidmueller Interface GmbH \u0026 Co. KG",
      "namespace": "https://www.weidmueller.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Weidmueller Interface GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/weidmueller/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-041: Weidmueller: u-create studio \u003c 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2020-041/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-041: Weidmueller: u-create studio \u003c 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities - CSAF",
        "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-041.json"
      }
    ],
    "title": "Weidmueller: u-create studio \u003c 1.20.2 affected by WIBU-SYSTEMS CodeMeter vulnerabilities",
    "tracking": {
      "aliases": [
        "VDE-2020-041"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2025-03-13T09:38:31.803Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.20"
        }
      },
      "id": "VDE-2020-041",
      "initial_release_date": "2020-10-12T09:14:00.000Z",
      "revision_history": [
        {
          "date": "2020-10-12T09:14:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: firmware category, reference category, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "1.18.b",
                    "product": {
                      "name": "u-create studio 1.18.b",
                      "product_id": "CSAFPID-51001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "2660130000"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "u-create studio"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "1.20.2",
                    "product": {
                      "name": "u-create studio 1.20.2",
                      "product_id": "CSAFPID-51002",
                      "product_identification_helper": {
                        "model_numbers": [
                          "2660130000"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "u-create studio"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Weidmueller"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ],
        "summary": "Affected Products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14509",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2020-14509"
    },
    {
      "cve": "CVE-2020-14517",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "description",
          "text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2020-14517"
    },
    {
      "cve": "CVE-2020-16233",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "description",
          "text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2020-16233"
    },
    {
      "cve": "CVE-2020-14519",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "description",
          "text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2020-14519"
    },
    {
      "cve": "CVE-2020-14515",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "description",
          "text": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Use the updated versions of the TRUMPF CAD/CAM products that will be available via your service channel shortly.\n- Until then, reduce internet usage on workstations with TRUMPF CAD/CAM products to a minimum.",
          "product_ids": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2020-14515"
    }
  ]
}
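The CSAF document above is meant to be consumed by tooling, and the questions a practitioner asks of it (which product IDs does a CVE mark as affected, what does an order number resolve to, which finding is the worst) are answered by walking `product_tree` and `vulnerabilities`. The following is an added example, not part of the advisory and not code from Weidmüller, CERT@VDE or the Secvisogram generator. `CSAF_EXCERPT` is a shortened copy of the VDE-2020-041 document above with the document metadata and note texts removed, so the script runs offline; it only honours the `known_affected` status, which is the only status this document uses.

```python
"""Answer asset-matching questions from a CSAF 2.0 advisory's product tree and vulnerability list.

Added example, not part of the advisory. CSAF_EXCERPT is a shortened copy of the
VDE-2020-041 document (document metadata and note texts dropped) so the script runs offline.
"""
import json
from typing import Dict, Iterable, Iterator, List, Tuple

CSAF_EXCERPT = json.loads(r"""
{
  "product_tree": {
    "branches": [{"category": "vendor", "name": "Weidmueller", "branches": [
      {"category": "product_family", "name": "Software", "branches": [
        {"category": "product_name", "name": "u-create studio", "branches": [
          {"category": "product_version", "name": "1.18.b", "product": {
            "name": "u-create studio 1.18.b", "product_id": "CSAFPID-51001",
            "product_identification_helper": {"model_numbers": ["2660130000"]}}}]},
        {"category": "product_name", "name": "u-create studio", "branches": [
          {"category": "product_version", "name": "1.20.2", "product": {
            "name": "u-create studio 1.20.2", "product_id": "CSAFPID-51002",
            "product_identification_helper": {"model_numbers": ["2660130000"]}}}]}]}]}],
    "product_groups": [{"group_id": "CSAFGID-0001",
      "product_ids": ["CSAFPID-51001", "CSAFPID-51002"], "summary": "Affected Products."}]
  },
  "vulnerabilities": [
    {"cve": "CVE-2020-14509", "cwe": {"id": "CWE-805"},
     "product_status": {"known_affected": ["CSAFPID-51001", "CSAFPID-51002"]},
     "scores": [{"cvss_v3": {"baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
                 "products": ["CSAFPID-51001", "CSAFPID-51002"]}]},
    {"cve": "CVE-2020-14517", "cwe": {"id": "CWE-326"},
     "product_status": {"known_affected": ["CSAFPID-51001", "CSAFPID-51002"]},
     "scores": [{"cvss_v3": {"baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
                 "products": ["CSAFPID-51001", "CSAFPID-51002"]}]},
    {"cve": "CVE-2020-16233", "cwe": {"id": "CWE-404"},
     "product_status": {"known_affected": ["CSAFPID-51001", "CSAFPID-51002"]},
     "scores": [{"cvss_v3": {"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},
                 "products": ["CSAFPID-51001", "CSAFPID-51002"]}]},
    {"cve": "CVE-2020-14519", "cwe": {"id": "CWE-346"},
     "product_status": {"known_affected": ["CSAFPID-51001", "CSAFPID-51002"]},
     "scores": [{"cvss_v3": {"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},
                 "products": ["CSAFPID-51001", "CSAFPID-51002"]}]},
    {"cve": "CVE-2020-14515", "cwe": {"id": "CWE-347"},
     "product_status": {"known_affected": ["CSAFPID-51001", "CSAFPID-51002"]},
     "scores": [{"cvss_v3": {"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},
                 "products": ["CSAFPID-51001", "CSAFPID-51002"]}]}
  ]
}
""")


def iter_products(branches: Iterable[dict]) -> Iterator[dict]:
    """Depth-first walk over product_tree.branches, yielding each leaf 'product' object."""
    for branch in branches:
        if "product" in branch:
            yield branch["product"]
        yield from iter_products(branch.get("branches", []))


def product_names(doc: dict) -> Dict[str, str]:
    """product_id -> full product name, for resolving CSAFPID-* references."""
    return {p["product_id"]: p["name"] for p in iter_products(doc["product_tree"]["branches"])}


def products_for_model(doc: dict, model_number: str) -> List[str]:
    """Product IDs whose identification helper lists the given model/order number."""
    return [p["product_id"] for p in iter_products(doc["product_tree"]["branches"])
            if model_number in p.get("product_identification_helper", {}).get("model_numbers", [])]


def affected_by(doc: dict, product_id: str) -> List[Tuple[str, float]]:
    """(CVE, CVSS v3 base score) for every vulnerability marking product_id known_affected,
    highest score first. Only known_affected is considered; a full consumer would also
    honour known_not_affected / fixed entries, which this document does not use."""
    hits = []
    for vuln in doc["vulnerabilities"]:
        if product_id not in vuln.get("product_status", {}).get("known_affected", []):
            continue
        score = max((s["cvss_v3"]["baseScore"] for s in vuln.get("scores", [])
                     if product_id in s.get("products", [])), default=0.0)
        hits.append((vuln["cve"], score))
    hits.sort(key=lambda hit: -hit[1])  # stable sort: ties keep document order
    return hits


def report(doc: dict, model_number: str) -> Dict[str, List[Tuple[str, float]]]:
    """Full picture for an asset known only by order number: product name -> ranked CVEs."""
    names = product_names(doc)
    return {names[pid]: affected_by(doc, pid) for pid in products_for_model(doc, model_number)}


if __name__ == "__main__":
    for name, cves in report(CSAF_EXCERPT, "2660130000").items():
        print(name, "->", ", ".join(f"{cve} ({score})" for cve, score in cves))
```

Resolving by model number matters here because both listed versions of u-create studio share order number 2660130000, so an inventory keyed on order number alone maps to two product IDs and the version has to be checked separately; the scores the script ranks by are the CVSS v3.1 vectors in the CSAF record, which differ from the scores in the WIBU table in the Impact section.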