All the vulnerabilites related to Wibu - CodeMeter Runtime
cve-2023-3935
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Wibu | CodeMeter Runtime | |
Wibu | CodeMeter Runtime |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-031/" }, { "tags": [ "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-030/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "CodeMeter Runtime", "vendor": "Wibu", "versions": [ { "lessThanOrEqual": "7.60b", "status": "affected", "version": "0.0", "versionType": "custom" } ] }, { "defaultStatus": "affected", "product": "CodeMeter Runtime", "vendor": "Wibu", "versions": [ { "status": "unaffected", "version": "7.21g" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system." } ], "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-19T07:00:20.911Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf" }, { "url": "https://cert.vde.com/en/advisories/VDE-2023-031/" }, { "url": "https://cert.vde.com/en/advisories/VDE-2023-030/" } ], "source": { "defect": [ "CERT@VDE#64566" ], "discovery": "UNKNOWN" }, "title": "Wibu: Buffer Overflow in CodeMeter Runtime", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2023-3935", "datePublished": "2023-09-13T13:19:18.392Z", "dateReserved": "2023-07-25T13:02:40.206Z", "dateUpdated": "2024-08-02T07:08:50.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201201-0168
Vulnerability from variot
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Wibu-Systems CodeMeter versions prior to 4.40 are affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: CodeMeter Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47497
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
RELEASE DATE: 2012-01-12
DISCUSS ADVISORY: http://secunia.com/advisories/47497/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47497/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error. No further information is currently available.
SOLUTION: Update to version 4.40.
ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN78901873/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0168", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codemeter runtime", "scope": "eq", "trust": 1.6, "vendor": "wibu", "version": "4.10b" }, { "model": "codemeter runtime", "scope": "eq", "trust": 1.6, "vendor": "wibu", "version": "4.20a" }, { "model": "codemeter runtime", "scope": "eq", "trust": 1.6, "vendor": "wibu", "version": "4.30c" }, { "model": "codemeter runtime", "scope": "lte", "trust": 1.0, "vendor": "wibu", "version": "4.30d" }, { "model": "codemeter 4.30c", "scope": null, "trust": 0.9, "vendor": "wibu", "version": null }, { "model": "codemeter 4.30d", "scope": null, "trust": 0.9, "vendor": "wibu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "accessdata", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "guidance", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wibu", "version": null }, { "model": "codemeter runtime", "scope": "eq", "trust": 0.8, "vendor": "wibu", "version": "prior to v4.40" }, { "model": "codemeter runtime", "scope": "eq", "trust": 0.6, "vendor": "wibu", "version": "4.30d" }, { "model": "codemeter", "scope": "ne", "trust": 0.3, "vendor": "wibu", "version": "4.40" }, { "model": "4.10b", "scope": null, "trust": 0.2, "vendor": "codemeter runtime", "version": null }, { "model": "4.20a", "scope": null, "trust": 0.2, "vendor": "codemeter runtime", "version": null }, { "model": "4.30c", "scope": null, "trust": 0.2, "vendor": "codemeter runtime", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "codemeter runtime", "version": "*" } ], "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CERT/CC", "id": "VU#659515" }, { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "BID", "id": "51382" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.10b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.30d", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.20a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.30c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4057" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C.", "sources": [ { "db": "BID", "id": "51382" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ], "trust": 0.9 }, "cve": "CVE-2011-4057", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2012-000003", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4057", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#659515", "trust": 0.8, "value": "0.14" }, { "author": "IPA", "id": "JVNDB-2012-000003", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201201-144", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CERT/CC", "id": "VU#659515" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. \nWibu-Systems CodeMeter versions prior to 4.40 are affected. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCodeMeter Unspecified Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47497\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47497/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497\n\nRELEASE DATE:\n2012-01-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47497/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47497/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in CodeMeter, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nSOLUTION:\nUpdate to version 4.40. \n\nORIGINAL ADVISORY:\nJVN:\nhttp://jvn.jp/en/jp/JVN78901873/index.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CERT/CC", "id": "VU#659515" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "BID", "id": "51382" }, { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "PACKETSTORM", "id": "108606" } ], "trust": 3.42 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "JVN", "id": "JVN78901873", "trust": 4.2 }, { "db": "NVD", "id": "CVE-2011-4057", "trust": 3.5 }, { "db": "CERT/CC", "id": "VU#659515", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2012-000003", "trust": 2.5 }, { "db": "BID", "id": "51382", "trust": 1.9 }, { "db": "SECUNIA", "id": "47497", "trust": 1.9 }, { "db": "OSVDB", "id": "78223", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2012-0112", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201201-144", "trust": 0.8 }, { "db": "JVN", "id": "JVN#78901873", "trust": 0.6 }, { "db": "NSFOCUS", "id": "18465", "trust": 0.6 }, { "db": "IVD", "id": "8204C04D-8A3B-44D1-BE27-ACD6E2404C70", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "108606", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CERT/CC", "id": "VU#659515" }, { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "BID", "id": "51382" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "PACKETSTORM", "id": "108606" }, { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "id": "VAR-201201-0168", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CNVD", "id": "CNVD-2012-0112" } ], "trust": 1.3009009 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CNVD", "id": "CNVD-2012-0112" } ] }, "last_update_date": "2023-12-18T13:49:10.561000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support \u0026 Downloads - User Software", "trust": 0.8, "url": "http://www.wibu.com/downloads-user-software.html" }, { "title": "Wibu-Systems CodeMeter TCP packet denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/7391" }, { "title": "codemeter_4.40.687.500_i386", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42434" }, { "title": "CmRuntimeUser_4.40.687.500", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42433" }, { "title": "CodeMeterRuntime32", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42432" }, { "title": "codemeter_4.40-sol-SPARC.tar", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42435" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4057" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.2, "url": "http://jvn.jp/en/jp/jvn78901873/index.html" }, { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/659515" }, { "trust": 1.6, "url": "http://www.wibu.com/en/anwendersoftware.html" }, { "trust": 1.6, "url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000003.html" }, { "trust": 1.6, "url": "http://osvdb.org/78223" }, { "trust": 1.6, "url": "http://secunia.com/advisories/47497" }, { "trust": 1.6, "url": "http://www.kb.cert.org/vuls/id/mapg-8mynfl" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/51382" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4057" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4057" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18465" }, { "trust": 0.3, "url": "http://www.wibu.com/en/codemeter.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47497/#comments" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000003.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47497/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#659515" }, { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "BID", "id": "51382" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "PACKETSTORM", "id": "108606" }, { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CERT/CC", "id": "VU#659515" }, { "db": "CNVD", "id": "CNVD-2012-0112" }, { "db": "BID", "id": "51382" }, { "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "db": "PACKETSTORM", "id": "108606" }, { "db": "NVD", "id": "CVE-2011-4057" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-13T00:00:00", "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "date": "2012-01-12T00:00:00", "db": "CERT/CC", "id": "VU#659515" }, { "date": "2012-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2012-0112" }, { "date": "2012-01-11T00:00:00", "db": "BID", "id": "51382" }, { "date": "2012-01-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "date": "2012-01-12T05:04:03", "db": "PACKETSTORM", "id": "108606" }, { "date": "2012-01-13T18:55:03.767000", "db": "NVD", "id": "CVE-2011-4057" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-16T00:00:00", "db": "CERT/CC", "id": "VU#659515" }, { "date": "2012-01-13T00:00:00", "db": "CNVD", "id": "CNVD-2012-0112" }, { "date": "2012-01-11T00:00:00", "db": "BID", "id": "51382" }, { "date": "2012-01-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-000003" }, { "date": "2012-01-16T05:00:00", "db": "NVD", "id": "CVE-2011-4057" }, { "date": "2012-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-144" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-144" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wibu-Systems CodeMeter remote denial of service vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#659515" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "8204c04d-8a3b-44d1-be27-acd6e2404c70" }, { "db": "CNNVD", "id": "CNNVD-201201-144" } ], "trust": 0.8 } }
var-202309-0673
Vulnerability from variot
A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0673", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "trutopsboost", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "06.00.23.00" }, { "model": "teczonebend", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "18.02.r8" }, { "model": "trutops cell sw48", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "02.26.0" }, { "model": "topscalculation", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "14.00" }, { "model": "trutops cell classic", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "09.09.02" }, { "model": "teczonebend", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "23.06.01" }, { "model": "trutops cell sw48", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trumpflicenseexpert", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.5.2" }, { "model": "trutopsfab storage smallstore", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "20.04.20.00" }, { "model": "programmingtube", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "4.6.3" }, { "model": "trutopsprintmultilaserassistant", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.02" }, { "model": "trutopsfab storage smallstore", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "14.06.20" }, { "model": "trutopsweld", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "7.0.198.241" }, { "model": "trutopsprint", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "00.06.00" }, { "model": "oseon", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "3.0.22" }, { "model": "programmingtube", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.0.1" }, { "model": "tubedesign", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "14.06.150" }, { "model": "oseon", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.0.0" }, { "model": "topscalculation", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "22.00.00" }, { "model": "trutops", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "08.00" }, { "model": "trutopsprint", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trutops mark 3d", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trutopsboost", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "16.0.22" }, { "model": "trutops", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "12.01.00.00" }, { "model": "trumpflicenseexpert", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "1.11.1" }, { "model": "codemeter runtime", "scope": "lt", "trust": 1.0, "vendor": "wibu", "version": "7.60c" }, { "model": "trutopsfab", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "22.8.25" }, { "model": "tubedesign", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "08.00" }, { "model": "trutops mark 3d", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "06.01" }, { "model": "tops unfold", "scope": "eq", "trust": 1.0, "vendor": "trumpf", "version": "05.03.00.00" }, { "model": "trutopsfab", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "15.00.23.00" }, { "model": "trutopsweld", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "9.0.28148.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-4701" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.60c", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.06.150", "versionStartIncluding": "08.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.28148.1", "versionStartIncluding": "7.0.198.241", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "01.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "01.00", "versionStartIncluding": "00.06.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "06.01", "versionStartIncluding": "01.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.04.20.00", "versionStartIncluding": "14.06.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "22.8.25", "versionStartIncluding": "15.00.23.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "02.26.0", "versionStartIncluding": "01.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "09.09.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.22", "versionStartIncluding": "06.00.23.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.01.00.00", "versionStartIncluding": "08.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.11.1", "versionStartIncluding": "1.5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "22.00.00", "versionStartIncluding": "14.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "23.06.01", "versionStartIncluding": "18.02.r8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.6.3", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.22", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-4701" } ] }, "cve": "CVE-2023-4701", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-4701", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-4701", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-4701" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system", "sources": [ { "db": "NVD", "id": "CVE-2023-4701" }, { "db": "VULMON", "id": "CVE-2023-4701" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT@VDE", "id": "VDE-2023-031", "trust": 1.1 }, { "db": "NVD", "id": "CVE-2023-4701", "trust": 1.1 }, { "db": "CERT@VDE", "id": "VDE-2023-030", "trust": 1.0 }, { "db": "VULMON", "id": "CVE-2023-4701", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-4701" }, { "db": "NVD", "id": "CVE-2023-4701" } ] }, "id": "VAR-202309-0673", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.45604396 }, "last_update_date": "2023-09-21T22:24:54.724000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-4701" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf" }, { "trust": 1.1, "url": "https://cert.vde.com/en/advisories/vde-2023-031/" }, { "trust": 1.0, "url": "https://cert.vde.com/en/advisories/vde-2023-030/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/269.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-4701" }, { "db": "NVD", "id": "CVE-2023-4701" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-4701" }, { "db": "NVD", "id": "CVE-2023-4701" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2023-4701" }, { "date": "2023-09-13T14:15:00", "db": "NVD", "id": "CVE-2023-4701" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2023-4701" }, { "date": "2023-09-19T08:15:00", "db": "NVD", "id": "CVE-2023-4701" } ] } }
var-202309-0672
Vulnerability from variot
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants.
Siemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0672", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tubedesign", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "08.00" }, { "model": "activation wizard", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.6" }, { "model": "fl network manager", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "7.0" }, { "model": "trutops mark 3d", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "06.01" }, { "model": "trutopsprint", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trutopsboost", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "06.00.23.00" }, { "model": "trutopsfab", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "15.00.23.00" }, { "model": "tops unfold", "scope": "eq", "trust": 1.0, "vendor": "trumpf", "version": "05.03.00.00" }, { "model": "teczonebend", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "18.02.r8" }, { "model": "iol-conf", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.7.0" }, { "model": "trumpflicenseexpert", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "1.11.1" }, { "model": "programmingtube", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.0.1" }, { "model": "programmingtube", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "4.6.3" }, { "model": "trutops mark 3d", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trutopsfab storage smallstore", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "14.06.20" }, { "model": "trutopsweld", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "9.0.28148.1" }, { "model": "trutops cell sw48", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.00" }, { "model": "trutopsfab storage smallstore", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "20.04.20.00" }, { "model": "module type package designer", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.2.0" }, { "model": "trutopsboost", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "16.0.22" }, { "model": "e-mobility charging suite", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.7.0" }, { "model": "module type package designer", "scope": "lt", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.2.0" }, { "model": "trutopsfab", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "22.8.25" }, { "model": "trutops cell sw48", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "02.26.0" }, { "model": "trutops cell classic", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "09.09.02" }, { "model": "oseon", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "3.0.22" }, { "model": "tubedesign", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "14.06.150" }, { "model": "trutopsweld", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "7.0.198.241" }, { "model": "trumpflicenseexpert", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.5.2" }, { "model": "trutops", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "08.00" }, { "model": "topscalculation", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "22.00.00" }, { "model": "trutops", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "12.01.00.00" }, { "model": "trutopsprint", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "00.06.00" }, { "model": "codemeter runtime", "scope": "lt", "trust": 1.0, "vendor": "wibu", "version": "7.60c" }, { "model": "topscalculation", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "14.00" }, { "model": "trutopsprintmultilaserassistant", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "01.02" }, { "model": "plcnext engineer", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "2023.6" }, { "model": "oseon", "scope": "gte", "trust": 1.0, "vendor": "trumpf", "version": "1.0.0" }, { "model": "teczonebend", "scope": "lte", "trust": 1.0, "vendor": "trumpf", "version": "23.06.01" }, { "model": "trutopsweld", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "programmingtube", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "codemeter runtime", "scope": null, "trust": 0.8, "vendor": "wibu", "version": null }, { "model": "trutopsboost", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutopsprintmultilaserassistant", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutopsprint", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "oseon", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutops cell sw48", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutopsfab", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "tops unfold", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutops mark 3d", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutopsfab storage smallstore", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "tubedesign", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutops", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trumpflicenseexpert", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "topscalculation", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "teczonebend", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "trutops cell classic", "scope": null, "trust": 0.8, "vendor": "trumpf", "version": null }, { "model": "sinec ins", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simit simulation platform", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinema remote connect", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v3.17" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v3.18" }, { "model": "pss cape", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v14\u003cv14.2023-08-23" }, { "model": "pss cape", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v15\u003cv15.0.22" }, { "model": "pss e", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v34\u003cv34.9.6" }, { "model": "pss odms", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.0" }, { "model": "pss odms", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v13.1\u003cv13.1.12.1" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v3" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4" }, { "model": "simatic wincc oa p006", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v3.19\u003cv3.19" }, { "model": "pss e", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v35" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.60c", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.06.150", "versionStartIncluding": "08.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.28148.1", "versionStartIncluding": "7.0.198.241", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "01.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "01.00", "versionStartIncluding": "00.06.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "06.01", "versionStartIncluding": "01.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.04.20.00", "versionStartIncluding": "14.06.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "22.8.25", "versionStartIncluding": "15.00.23.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "02.26.0", "versionStartIncluding": "01.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "09.09.02", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.0.22", "versionStartIncluding": "06.00.23.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.01.00.00", "versionStartIncluding": "08.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.11.1", "versionStartIncluding": "1.5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "22.00.00", "versionStartIncluding": "14.00", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "23.06.01", "versionStartIncluding": "18.02.r8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.6.3", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.0.22", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*", "cpe_name": [], "versionEndIncluding": "1.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2023.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.7.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-3935" } ] }, "cve": "CVE-2023-3935", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2023-69811", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "info@cert.vde.com", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2023-012536", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "info@cert.vde.com", "id": "CVE-2023-3935", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2023-3935", "trust": 1.0, "value": "CRITICAL" }, { "author": "OTHER", "id": "JVNDB-2023-012536", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2023-69811", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. \n\r\n\r\nSiemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system", "sources": [ { "db": "NVD", "id": "CVE-2023-3935" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "VULMON", "id": "CVE-2023-3935" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-3935", "trust": 3.3 }, { "db": "CERT@VDE", "id": "VDE-2023-031", "trust": 1.9 }, { "db": "CERT@VDE", "id": "VDE-2023-030", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92008538", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98137233", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-004-01", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-320-03", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-257-06", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-012536", "trust": 0.8 }, { "db": "SIEMENS", "id": "SSA-240541", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2023-69811", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-3935", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "VULMON", "id": "CVE-2023-3935" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "id": "VAR-202309-0672", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" } ], "trust": 1.1424276933333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" } ] }, "last_update_date": "2024-01-29T15:51:24.364000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial product WIBU system CodeMeter heap buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/460931" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf" }, { "trust": 1.9, "url": "https://cert.vde.com/en/advisories/vde-2023-031/" }, { "trust": 1.8, "url": "https://cert.vde.com/en/advisories/vde-2023-030/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98137233/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92008538/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3935" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "VULMON", "id": "CVE-2023-3935" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-69811" }, { "db": "VULMON", "id": "CVE-2023-3935" }, { "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "db": "NVD", "id": "CVE-2023-3935" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-09-14T00:00:00", "db": "CNVD", "id": "CNVD-2023-69811" }, { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2023-3935" }, { "date": "2023-12-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "date": "2023-09-13T14:15:09.147000", "db": "NVD", "id": "CVE-2023-3935" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-09-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-69811" }, { "date": "2023-09-13T00:00:00", "db": "VULMON", "id": "CVE-2023-3935" }, { "date": "2024-01-09T02:47:00", "db": "JVNDB", "id": "JVNDB-2023-012536" }, { "date": "2024-01-25T20:24:58.783000", "db": "NVD", "id": "CVE-2023-3935" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wibu-Systems\u00a0AG\u00a0 of \u00a0CodeMeter\u00a0Runtime\u00a0 Out-of-bounds write vulnerability in products from multiple vendors such as", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-012536" } ], "trust": 0.8 } }
var-201411-0382
Vulnerability from variot
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions
Vendor Website : http://www.codemeter.com
INDEX
1. Background
2. Description
3. Affected Products
4. Solution
6. Credit
7. Disclosure Timeline
8. CVE
1. BACKGROUND
CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products.
2. DESCRIPTION
When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named "codemeter.exe". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.
It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20).
3. AFFECTED PRODUCTS
Only the following versions have been confirmed vulnerable:
CodeMeter Runtime 4.50b
CodeMeter Runtime 4.40
CodeMeter Runtime 4.20b
4. VULNERABILITIES
4.1 codemeter.exe
5. SOLUTION
Vendor contacted and approved for disclosure as most recent version is not vulnerable.
6. CREDIT
This vulnerability was discovered by Andrew Smith and Matt Smith of Sword & Shield Enterprise Security.
7. DISCLOSURE TIMELINE
7-16-2014 - Vulnerability Discovered
8-11-2014 - Vendor Informed
11-20-2014 - Public Disclosure
8. CVE
CVE-2014-8419
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0382", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codemeter runtime", "scope": "lte", "trust": 1.0, "vendor": "wibu", "version": "5.10c" }, { "model": "codemeter runtime", "scope": "lt", "trust": 0.8, "vendor": "wibu", "version": "5.20" }, { "model": "codemeter", "scope": null, "trust": 0.6, "vendor": "wibu", "version": null }, { "model": "codemeter runtime", "scope": "eq", "trust": 0.6, "vendor": "wibu", "version": "5.10c" }, { "model": "codemeter", "scope": "eq", "trust": 0.3, "vendor": "wibu", "version": "4.40" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "codemeter runtime", "version": "*" } ], "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "BID", "id": "71264" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.10c", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-8419" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security", "sources": [ { "db": "BID", "id": "71264" } ], "trust": 0.3 }, "cve": "CVE-2014-8419", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2014-8419", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2014-08518", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "a04f2417-b6da-40e8-aac7-926846407d0e", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-8419", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-08518", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201411-502", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions\n\nVendor Website : http://www.codemeter.com\n\n INDEX\n---------------------------------------\n 1. Background\n 2. Description\n 3. Affected Products\n 4. Solution\n 6. Credit\n 7. Disclosure Timeline\n 8. CVE\n\n1. BACKGROUND\n---------------------------------------\n CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products. \n\n2. DESCRIPTION\n---------------------------------------\n\n When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named \"codemeter.exe\". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. \n\n It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20). \n\n\n3. AFFECTED PRODUCTS\n---------------------------------------\n Only the following versions have been confirmed vulnerable: \n\n CodeMeter Runtime 4.50b\n CodeMeter Runtime 4.40\n CodeMeter Runtime 4.20b\n\n \n4. VULNERABILITIES\n---------------------------------------\n\n 4.1 codemeter.exe\n\n\n5. SOLUTION\n---------------------------------------\n Vendor contacted and approved for disclosure as most recent version is not vulnerable. \n\n\n6. CREDIT\n---------------------------------------\n This vulnerability was discovered by Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security. \n\n\n7. DISCLOSURE TIMELINE\n---------------------------------------\n 7-16-2014 - Vulnerability Discovered\n 8-11-2014 - Vendor Informed\n 11-20-2014 - Public Disclosure\n\n\n8. CVE\n---------------------------------------\n CVE-2014-8419\n", "sources": [ { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "BID", "id": "71264" }, { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "PACKETSTORM", "id": "129234" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-8419", "trust": 3.6 }, { "db": "PACKETSTORM", "id": "129234", "trust": 2.5 }, { "db": "BID", "id": "71264", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-08518", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201411-502", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-005669", "trust": 0.8 }, { "db": "IVD", "id": "A04F2417-B6DA-40E8-AAC7-926846407D0E", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "BID", "id": "71264" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "PACKETSTORM", "id": "129234" }, { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "id": "VAR-201411-0382", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" } ], "trust": 1.3009009 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" } ] }, "last_update_date": "2023-12-18T13:57:42.059000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.wibu.com/en/home.html" }, { "title": "Patch for Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/52128" }, { "title": "CodeMeter-5.20.1471-504.i386", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52558" }, { "title": "CmRuntimeUser_5.20.1471.504", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52557" }, { "title": "CodeMeterRuntime-5.20", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52556" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "NVD", "id": "CVE-2014-8419" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://packetstormsecurity.com/files/129234/codemeter-weak-service-permissions.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/534079/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8419" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8419" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/71264" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/534079/100/0/threaded" }, { "trust": 0.3, "url": "http://www.wibu.com/en/codemeter.html" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/nov/124" }, { "trust": 0.1, "url": "http://www.codemeter.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8419" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "BID", "id": "71264" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "PACKETSTORM", "id": "129234" }, { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" }, { "db": "BID", "id": "71264" }, { "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "db": "PACKETSTORM", "id": "129234" }, { "db": "NVD", "id": "CVE-2014-8419" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-11-26T00:00:00", "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "date": "2014-11-26T00:00:00", "db": "CNVD", "id": "CNVD-2014-08518" }, { "date": "2014-11-24T00:00:00", "db": "BID", "id": "71264" }, { "date": "2014-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "date": "2014-11-24T10:32:22", "db": "PACKETSTORM", "id": "129234" }, { "date": "2014-11-26T15:59:06.107000", "db": "NVD", "id": "CVE-2014-8419" }, { "date": "2014-11-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-11-26T00:00:00", "db": "CNVD", "id": "CNVD-2014-08518" }, { "date": "2014-11-24T00:00:00", "db": "BID", "id": "71264" }, { "date": "2014-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005669" }, { "date": "2018-10-09T19:54:15.713000", "db": "NVD", "id": "CVE-2014-8419" }, { "date": "2014-11-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-502" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "71264" }, { "db": "PACKETSTORM", "id": "129234" }, { "db": "CNNVD", "id": "CNNVD-201411-502" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability", "sources": [ { "db": "IVD", "id": "a04f2417-b6da-40e8-aac7-926846407d0e" }, { "db": "CNVD", "id": "CNVD-2014-08518" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-502" } ], "trust": 0.6 } }
var-202111-0784
Vulnerability from variot
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0784", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pss odms", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "12.2.6.1" }, { "model": "pss e", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "35.0.0" }, { "model": "sicam 230", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic information server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "simatic information server", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "pss cape", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "codemeter runtime", "scope": "lt", "trust": 1.0, "vendor": "wibu", "version": "7.30a" }, { "model": "pss e", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "35.3.2" }, { "model": "pss e", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "34.0.0" }, { "model": "simatic process historian", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "simatic wincc oa", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "3.18" }, { "model": "pss e", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "34.9.1" }, { "model": "simit", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "10.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-41057" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.30a", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:pss_cape:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "34.9.1", "versionStartIncluding": "34.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "35.3.2", "versionStartIncluding": "35.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:pss_odms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.2.6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sicam_230:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2019:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_process_historian:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2019", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_oa:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-41057" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jok\u016bbas Arsoba reported this vulnerability to Wibu-Systems.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-772" } ], "trust": 0.6 }, "cve": "CVE-2021-41057", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "VHN-402322", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-41057", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-772", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-402322", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-402322" }, { "db": "NVD", "id": "CVE-2021-41057" }, { "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions", "sources": [ { "db": "NVD", "id": "CVE-2021-41057" }, { "db": "VULHUB", "id": "VHN-402322" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-41057", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-580693", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2021.4286", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010503", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-772", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-402322", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402322" }, { "db": "NVD", "id": "CVE-2021-41057" }, { "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "id": "VAR-202111-0784", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-402322" } ], "trust": 0.639684002 }, "last_update_date": "2023-12-18T12:16:10.701000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CodeMeter Post-link vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170234" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-59", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-402322" }, { "db": "NVD", "id": "CVE-2021-41057" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210910-01.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf" }, { "trust": 1.7, "url": "https://www.wibu.com/us/support/security-advisories.html" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41057" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4286" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-wibu-systems-codemeter-runtime-36834" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010503" } ], "sources": [ { "db": "VULHUB", "id": "VHN-402322" }, { "db": "NVD", "id": "CVE-2021-41057" }, { "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-402322" }, { "db": "NVD", "id": "CVE-2021-41057" }, { "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-14T00:00:00", "db": "VULHUB", "id": "VHN-402322" }, { "date": "2021-11-14T21:15:07.797000", "db": "NVD", "id": "CVE-2021-41057" }, { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-17T00:00:00", "db": "VULHUB", "id": "VHN-402322" }, { "date": "2021-11-17T18:49:11.867000", "db": "NVD", "id": "CVE-2021-41057" }, { "date": "2022-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-772" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-772" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CodeMeter Post link vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-772" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "post link", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-772" } ], "trust": 0.6 } }