Vulnerabilites related to wibu - codemeter_runtime
cve-2023-3935
Vulnerability from cvelistv5
Published
2023-09-13 13:19
Modified
2024-08-02 07:08
Severity ?
EPSS score ?
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Wibu | CodeMeter Runtime |
Version: 0.0 < |
||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:08:50.775Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", }, { tags: [ "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2023-031/", }, { tags: [ "x_transferred", ], url: "https://cert.vde.com/en/advisories/VDE-2023-030/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CodeMeter Runtime", vendor: "Wibu", versions: [ { lessThanOrEqual: "7.60b", status: "affected", version: "0.0", versionType: "custom", }, ], }, { defaultStatus: "affected", product: "CodeMeter Runtime", vendor: "Wibu", versions: [ { status: "unaffected", version: "7.21g", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.", }, ], value: "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T07:00:20.911Z", orgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", shortName: "CERTVDE", }, references: [ { url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", }, { url: "https://cert.vde.com/en/advisories/VDE-2023-031/", }, { url: "https://cert.vde.com/en/advisories/VDE-2023-030/", }, ], source: { defect: [ "CERT@VDE#64566", ], discovery: "UNKNOWN", }, title: "Wibu: Buffer Overflow in CodeMeter Runtime", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "270ccfa6-a436-4e77-922e-914ec3a9685c", assignerShortName: "CERTVDE", cveId: "CVE-2023-3935", datePublished: "2023-09-13T13:19:18.392Z", dateReserved: "2023-07-25T13:02:40.206Z", dateUpdated: "2024-08-02T07:08:50.775Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-8419
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 13:18
Severity ?
EPSS score ?
Summary
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/534079/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:18:48.164Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", }, { name: "20141124 CVE-2014-8419 - CodeMeter Weak Service Permissions", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/534079/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-24T00:00:00", descriptions: [ { lang: "en", value: "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", }, { name: "20141124 CVE-2014-8419 - CodeMeter Weak Service Permissions", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/534079/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-8419", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", }, { name: "20141124 CVE-2014-8419 - CodeMeter Weak Service Permissions", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/534079/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-8419", datePublished: "2014-11-26T15:00:00", dateReserved: "2014-10-22T00:00:00", dateUpdated: "2024-08-06T13:18:48.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4057
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/78223 | vdb-entry, x_refsource_OSVDB | |
http://www.kb.cert.org/vuls/id/MAPG-8MYNFL | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/51382 | vdb-entry, x_refsource_BID | |
http://www.kb.cert.org/vuls/id/659515 | third-party-advisory, x_refsource_CERT-VN | |
http://jvn.jp/en/jp/JVN78901873/index.html | third-party-advisory, x_refsource_JVN | |
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html | third-party-advisory, x_refsource_JVNDB | |
http://secunia.com/advisories/47497 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "78223", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/78223", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", }, { name: "51382", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/51382", }, { name: "VU#659515", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/659515", }, { name: "JVN#78901873", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN78901873/index.html", }, { name: "JVNDB-2012-000003", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html", }, { name: "47497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47497", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-01-13T18:00:00Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "78223", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/78223", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", }, { name: "51382", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/51382", }, { name: "VU#659515", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/659515", }, { name: "JVN#78901873", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN78901873/index.html", }, { name: "JVNDB-2012-000003", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html", }, { name: "47497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47497", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2011-4057", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "78223", refsource: "OSVDB", url: "http://osvdb.org/78223", }, { name: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", }, { name: "51382", refsource: "BID", url: "http://www.securityfocus.com/bid/51382", }, { name: "VU#659515", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/659515", }, { name: "JVN#78901873", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN78901873/index.html", }, { name: "JVNDB-2012-000003", refsource: "JVNDB", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html", }, { name: "47497", refsource: "SECUNIA", url: "http://secunia.com/advisories/47497", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2011-4057", datePublished: "2012-01-13T18:00:00Z", dateReserved: "2011-10-13T00:00:00Z", dateUpdated: "2024-09-16T16:43:55.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41057
Vulnerability from cvelistv5
Published
2021-11-14 20:21
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
References
▼ | URL | Tags |
---|---|---|
https://www.wibu.com/us/support/security-advisories.html | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf | x_refsource_CONFIRM | |
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:59:31.383Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wibu.com/us/support/security-advisories.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-14T20:21:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wibu.com/us/support/security-advisories.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41057", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wibu.com/us/support/security-advisories.html", refsource: "MISC", url: "https://www.wibu.com/us/support/security-advisories.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", }, { name: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", refsource: "CONFIRM", url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41057", datePublished: "2021-11-14T20:21:30", dateReserved: "2021-09-13T00:00:00", dateUpdated: "2024-08-04T02:59:31.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-11-14 21:15
Modified
2024-11-21 06:25
Severity ?
Summary
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
wibu | codemeter_runtime | * | |
microsoft | windows | - | |
siemens | pss_cape | 14 | |
siemens | pss_e | * | |
siemens | pss_e | * | |
siemens | pss_odms | * | |
siemens | sicam_230 | * | |
siemens | simatic_information_server | * | |
siemens | simatic_information_server | 2019 | |
siemens | simatic_information_server | 2019 | |
siemens | simatic_pcs_neo | * | |
siemens | simatic_process_historian | * | |
siemens | simatic_wincc_oa | * | |
siemens | simit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "C8B1884B-18F5-4B92-B83F-C756725FDAB9", versionEndExcluding: "7.30a", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:pss_cape:14:*:*:*:*:*:*:*", matchCriteriaId: "76414178-E1E6-40A5-9DD2-FBAD698624C6", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*", matchCriteriaId: "E01D2F88-8820-49E6-8865-3E20AB63289E", versionEndExcluding: "34.9.1", versionStartIncluding: "34.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*", matchCriteriaId: "F42F3EBF-41A9-4F3B-BEED-2954B350E0FA", versionEndExcluding: "35.3.2", versionStartIncluding: "35.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:pss_odms:*:*:*:*:*:*:*:*", matchCriteriaId: "8707B418-2D99-4303-8102-316081B722D4", versionEndExcluding: "12.2.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sicam_230:*:*:*:*:*:*:*:*", matchCriteriaId: "312E7EA5-61A8-4439-A9E0-87522E8DD141", versionEndExcluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_information_server:*:*:*:*:*:*:*:*", matchCriteriaId: "6FD2B7BE-73CA-4974-A61C-3E97FE5A2F7F", versionEndExcluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_information_server:2019:-:*:*:*:*:*:*", matchCriteriaId: "4FA3A37A-6A43-42E1-80BF-7FF346D2F253", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*", matchCriteriaId: "4BB95C8C-188D-430F-9D59-7F5E1832A0A5", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", matchCriteriaId: "D61D4B81-7F51-49BE-83DD-D2C28D23B0EA", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_process_historian:*:*:*:*:*:*:*:*", matchCriteriaId: "9A9C8C40-ABBD-496C-BF0B-24098B96D029", versionEndIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_wincc_oa:*:*:*:*:*:*:*:*", matchCriteriaId: "52504DDF-990A-419B-BEAF-E02B4403BBBA", versionEndIncluding: "3.18", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simit:*:*:*:*:*:*:*:*", matchCriteriaId: "CE96110F-4874-42C5-A891-FD9022FE7803", versionEndIncluding: "10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.", }, { lang: "es", value: "En WIBU CodeMeter Runtime versiones anteriores a 7.30a, la creación de un enlace simbólico CmDongles diseñado sobrescribirá el archivo enlazado sin comprobar los permisos", }, ], id: "CVE-2021-41057", lastModified: "2024-11-21T06:25:21.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-14T21:15:07.797", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.wibu.com/us/support/security-advisories.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.wibu.com/us/support/security-advisories.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
wibu | codemeter_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "B9B5A066-F242-4958-A005-CE97B2BA4856", versionEndIncluding: "5.10c", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.", }, { lang: "es", value: "Wibu-Systems CodeMeter Runtime anterior a 5.20 utiliza permisos débiles (acceso de lectura y escritura para todos los usuarios) para codemeter.exe, lo que permite a usuarios locales ganar privilegios a través de un fichero troyano.", }, ], id: "CVE-2014-8419", lastModified: "2024-11-21T02:19:03.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-26T15:59:06.107", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/534079/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/534079/100/0/threaded", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-13 14:15
Modified
2024-11-21 08:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "5F783582-7E13-457E-96E9-8FD2D58580F5", versionEndExcluding: "7.60c", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*", matchCriteriaId: "6BCF0613-5F59-4DAA-9DDB-A9322892353A", versionEndIncluding: "3.0.22", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*", matchCriteriaId: "9648C643-3213-4D0B-A3E0-6C4A092E8DAE", versionEndIncluding: "4.6.3", versionStartIncluding: "1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*", matchCriteriaId: "56F0DB5E-5F18-4DA4-9488-242351FE5994", versionEndIncluding: "23.06.01", versionStartIncluding: "18.02.r8", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*", matchCriteriaId: "926A92BB-2001-4176-9F73-F7F40F4D58CE", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*", matchCriteriaId: "903A6767-5E6D-4E98-A756-A3FC99BAF13F", versionEndIncluding: "22.00.00", versionStartIncluding: "14.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*", matchCriteriaId: "54F8DF4D-3C69-4117-88A4-9C0F6838C7DD", versionEndIncluding: "1.11.1", versionStartIncluding: "1.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*", matchCriteriaId: "8360F8C5-1F88-420F-91B2-C75EC8A97A0C", versionEndIncluding: "12.01.00.00", versionStartIncluding: "08.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*", matchCriteriaId: "3240055F-E26E-4BE9-89A9-D50A6FA5E8F1", versionEndIncluding: "09.09.02", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*", matchCriteriaId: "7CD0343C-7A91-4CF7-B70B-CB2569FFE679", versionEndIncluding: "02.26.0", versionStartIncluding: "01.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "EB6D30E6-031C-4104-A573-2FD3773E1CDF", versionEndIncluding: "06.01", versionStartIncluding: "01.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*", matchCriteriaId: "B55ED3C4-B111-4A8C-BB9F-A50FCCC38432", versionEndIncluding: "16.0.22", versionStartIncluding: "06.00.23.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*", matchCriteriaId: "A4180D87-1915-4868-9328-D310282DD7C4", versionEndIncluding: "22.8.25", versionStartIncluding: "15.00.23.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*", matchCriteriaId: "3C7823FE-A87C-494B-AB35-AB2830884282", versionEndIncluding: "20.04.20.00", versionStartIncluding: "14.06.20", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*", matchCriteriaId: "A257AA96-76DA-47CC-A3BA-3CCFB719C62E", versionEndIncluding: "01.00", versionStartIncluding: "00.06.00", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*", matchCriteriaId: "607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1", versionStartIncluding: "01.02", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*", matchCriteriaId: "1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9", versionEndIncluding: "9.0.28148.1", versionStartIncluding: "7.0.198.241", vulnerable: true, }, { criteria: "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*", matchCriteriaId: "D88C313D-95E2-44EA-A895-F4CA659A5846", versionEndIncluding: "14.06.150", versionStartIncluding: "08.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*", matchCriteriaId: "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635", versionEndIncluding: "1.6", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*", matchCriteriaId: "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77", versionEndIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C8751F63-3D03-434A-BF4E-67320F6672FD", versionEndIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*", matchCriteriaId: "907E5EB3-8346-4371-9CFF-0F885CC0529E", versionEndIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*", matchCriteriaId: "C9659319-4AEC-4112-9EAC-7892C0A37AA8", versionEndExcluding: "1.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*", matchCriteriaId: "BB44DD6D-7685-4346-91BC-30CB9531982A", vulnerable: true, }, { criteria: "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", matchCriteriaId: "170FABD2-23D5-4885-AA09-B4130F945564", versionEndIncluding: "2023.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.", }, { lang: "es", value: "Una vulnerabilidad de Desbordamiento del Búfer en el servicio de red Wibu CodeMeter Runtime hasta la versión 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitrión.", }, ], id: "CVE-2023-3935", lastModified: "2024-11-21T08:18:21.260", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "info@cert.vde.com", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2023-09-13T14:15:09.147", references: [ { source: "info@cert.vde.com", tags: [ "Vendor Advisory", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2023-030/", }, { source: "info@cert.vde.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2023-031/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2023-030/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en/advisories/VDE-2023-031/", }, ], sourceIdentifier: "info@cert.vde.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "info@cert.vde.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-01-13 18:55
Modified
2024-11-21 01:31
Severity ?
Summary
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
wibu | codemeter_runtime | * | |
wibu | codemeter_runtime | 4.10b | |
wibu | codemeter_runtime | 4.20a | |
wibu | codemeter_runtime | 4.30c |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "D35A9746-2D97-4488-B67D-E95EE55874EA", versionEndIncluding: "4.30d", vulnerable: true, }, { criteria: "cpe:2.3:a:wibu:codemeter_runtime:4.10b:*:*:*:*:*:*:*", matchCriteriaId: "F77E361B-E1DC-4DC5-AD2A-93CEC9D10909", vulnerable: true, }, { criteria: "cpe:2.3:a:wibu:codemeter_runtime:4.20a:*:*:*:*:*:*:*", matchCriteriaId: "0228E7C6-E7CE-4ECE-B3EC-1EEAD666F808", vulnerable: true, }, { criteria: "cpe:2.3:a:wibu:codemeter_runtime:4.30c:*:*:*:*:*:*:*", matchCriteriaId: "048F9DF3-10A2-4BF3-9C30-F3E859184555", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.", }, { lang: "es", value: "Wibu-Systems AG CodeMeter Runtime v4.30c, 4v.10b, y posiblemente otras versiones anterior a v4.40 permite a atacantes remotos provocar una denegación de servicio (caída de CodeMeter.exe) a través de ciertos paquetes especialmente diseñado dirigidos al puerto TCP 22350.", }, ], id: "CVE-2011-4057", lastModified: "2024-11-21T01:31:46.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-01-13T18:55:03.767", references: [ { source: "cret@cert.org", url: "http://jvn.jp/en/jp/JVN78901873/index.html", }, { source: "cret@cert.org", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html", }, { source: "cret@cert.org", url: "http://osvdb.org/78223", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/47497", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/659515", }, { source: "cret@cert.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/51382", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN78901873/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/78223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/47497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/659515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/51382", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }