All the vulnerabilites related to siemens - pss_cape
Vulnerability from fkie_nvd
Published
2021-06-16 12:15
Modified
2024-11-21 05:45
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.
References
vulnreport@tenable.comhttps://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdfMitigation, Vendor Advisory
vulnreport@tenable.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatch, Third Party Advisory
vulnreport@tenable.comhttps://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party Advisory, US Government Resource
vulnreport@tenable.comhttps://www.tenable.com/security/research/tra-2021-24Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdfMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/research/tra-2021-24Exploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
wibu codemeter *
siemens pss_cape -
siemens sicam_230_firmware *
siemens sicam_230 -
siemens simatic_information_server 2019
siemens simatic_information_server 2020
siemens simatic_pcs_neo *
siemens simatic_wincc_oa 3.17
siemens simatic_wincc_oa 3.18
siemens simit_simulation_platform *
siemens simit_simulation_platform 10.3
siemens sinec_infrastructure_network_services *
siemens sinec_infrastructure_network_services 1.0.1
siemens sinema_remote_connect_server *
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server 3.0
siemens simatic_process_historian *
siemens simatic_process_historian 2020


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "703D0DCC-23C2-4E57-A273-B6BDA05D424C",
              "versionEndIncluding": "7.21a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "890BA38B-38CD-4B6D-96E8-A786CFFE4C35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sicam_230_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559DA1A-EB9D-4F93-9649-D69BF916BEE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702949EB-ED2D-4E85-802B-93EEA4FA939E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4BB95C8C-188D-430F-9D59-7F5E1832A0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:*",
              "matchCriteriaId": "EBF9131D-6408-443C-9322-2E31B1A87CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "884EC00C-1155-436D-94F4-C6F2303732CF",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:*",
              "matchCriteriaId": "305D0C1C-16AF-4011-B449-F266FFA6FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:*",
              "matchCriteriaId": "2832A89E-57BE-4BB2-94AC-17DC3CFD91FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64235511-8464-440C-ACD4-B3D046552735",
              "versionEndExcluding": "10.3",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "2603C1BD-9B47-4936-B1D2-6D425B764B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
              "versionEndExcluding": "1.0.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "5145C088-C0B0-44EB-A852-74695BCF3806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F65F9901-F4BD-4484-9749-D5022245D686",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F03BAD5-7B90-4212-ACBC-3C878C02CDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5BACE03-50A7-4279-8CA5-2BB95224D485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73659BCA-7F7A-45D4-AB01-07932B16EA59",
              "versionEndExcluding": "2020",
              "versionStartIncluding": "2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:*",
              "matchCriteriaId": "C5DB15E6-296B-48DE-945E-48196595B58B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de lectura excesiva del b\u00fafer en Wibu-Systems CodeMeter versiones anteriores a 7.21a. Un atacante remoto no autenticado puede explotar este problema para revelar el contenido de la memoria de la pila o bloquear el CodeMeter Runtime Server"
    }
  ],
  "id": "CVE-2021-20093",
  "lastModified": "2024-11-21T05:45:54.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-16T12:15:12.037",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-24"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-16 12:15
Modified
2024-11-21 05:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.
References
vulnreport@tenable.comhttps://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdfMitigation, Vendor Advisory
vulnreport@tenable.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatch, Third Party Advisory
vulnreport@tenable.comhttps://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party Advisory, US Government Resource
vulnreport@tenable.comhttps://www.tenable.com/security/research/tra-2021-24Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdfMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/research/tra-2021-24Exploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
wibu codemeter *
siemens pss_cape -
siemens sicam_230_firmware -
siemens sicam_230 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4D83EED-5237-4A45-82AA-5370A6B9D0D9",
              "versionEndExcluding": "7.21a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "890BA38B-38CD-4B6D-96E8-A786CFFE4C35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sicam_230_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC0968E-7082-4FBF-AEC0-91B280DA2A8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702949EB-ED2D-4E85-802B-93EEA4FA939E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en las  de Wibu-Systems CodeMeter versiones anteriores a 7.21a. Un atacante remoto no autenticado puede explotar este problema para bloquear el CodeMeter Runtime Server"
    }
  ],
  "id": "CVE-2021-20094",
  "lastModified": "2024-11-21T05:45:54.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-16T12:15:12.073",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2021-24"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-14 21:15
Modified
2024-11-21 06:25
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
References
cve@mitre.orghttps://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdfMitigation, Vendor Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfThird Party Advisory
cve@mitre.orghttps://www.wibu.com/us/support/security-advisories.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdfMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.wibu.com/us/support/security-advisories.htmlVendor Advisory
Impacted products
Vendor Product Version
wibu codemeter_runtime *
microsoft windows -
siemens pss_cape 14
siemens pss_e *
siemens pss_e *
siemens pss_odms *
siemens sicam_230 *
siemens simatic_information_server *
siemens simatic_information_server 2019
siemens simatic_information_server 2019
siemens simatic_pcs_neo *
siemens simatic_process_historian *
siemens simatic_wincc_oa *
siemens simit *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8B1884B-18F5-4B92-B83F-C756725FDAB9",
              "versionEndExcluding": "7.30a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:pss_cape:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "76414178-E1E6-40A5-9DD2-FBAD698624C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01D2F88-8820-49E6-8865-3E20AB63289E",
              "versionEndExcluding": "34.9.1",
              "versionStartIncluding": "34.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42F3EBF-41A9-4F3B-BEED-2954B350E0FA",
              "versionEndExcluding": "35.3.2",
              "versionStartIncluding": "35.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:pss_odms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8707B418-2D99-4303-8102-316081B722D4",
              "versionEndExcluding": "12.2.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sicam_230:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "312E7EA5-61A8-4439-A9E0-87522E8DD141",
              "versionEndExcluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_information_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD2B7BE-73CA-4974-A61C-3E97FE5A2F7F",
              "versionEndExcluding": "2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_information_server:2019:-:*:*:*:*:*:*",
              "matchCriteriaId": "4FA3A37A-6A43-42E1-80BF-7FF346D2F253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4BB95C8C-188D-430F-9D59-7F5E1832A0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D61D4B81-7F51-49BE-83DD-D2C28D23B0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_process_historian:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9C8C40-ABBD-496C-BF0B-24098B96D029",
              "versionEndIncluding": "2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_oa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52504DDF-990A-419B-BEAF-E02B4403BBBA",
              "versionEndIncluding": "3.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE96110F-4874-42C5-A891-FD9022FE7803",
              "versionEndIncluding": "10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions."
    },
    {
      "lang": "es",
      "value": "En WIBU CodeMeter Runtime versiones anteriores a 7.30a, la creaci\u00f3n de un enlace simb\u00f3lico CmDongles dise\u00f1ado sobrescribir\u00e1 el archivo enlazado sin comprobar los permisos"
    }
  ],
  "id": "CVE-2021-41057",
  "lastModified": "2024-11-21T06:25:21.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-14T21:15:07.797",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wibu.com/us/support/security-advisories.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wibu.com/us/support/security-advisories.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-20093
Vulnerability from cvelistv5
Published
2021-06-16 11:09
Modified
2024-08-03 17:30
Severity ?
Summary
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.
References
https://www.tenable.com/security/research/tra-2021-24x_refsource_MISC
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdfx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2021-24"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wibu-Systems CodeMeter",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Over-read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T20:11:49",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2021-24"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2021-20093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Wibu-Systems CodeMeter",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 7.21a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Over-read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2021-24",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2021-24"
            },
            {
              "name": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf",
              "refsource": "MISC",
              "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2021-20093",
    "datePublished": "2021-06-16T11:09:02",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:30:07.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20094
Vulnerability from cvelistv5
Published
2021-06-16 11:09
Modified
2024-08-03 17:30
Severity ?
Summary
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.
References
https://www.tenable.com/security/research/tra-2021-24x_refsource_MISC
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdfx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2021-24"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wibu-Systems CodeMeter",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uncaught Exception",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T20:12:10",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2021-24"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2021-20094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Wibu-Systems CodeMeter",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 7.21a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncaught Exception"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2021-24",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2021-24"
            },
            {
              "name": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf",
              "refsource": "MISC",
              "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2021-20094",
    "datePublished": "2021-06-16T11:09:07",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:30:07.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-41057
Vulnerability from cvelistv5
Published
2021-11-14 20:21
Modified
2024-08-04 02:59
Severity ?
Summary
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
References
https://www.wibu.com/us/support/security-advisories.htmlx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfx_refsource_CONFIRM
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wibu.com/us/support/security-advisories.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-14T20:21:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wibu.com/us/support/security-advisories.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-41057",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wibu.com/us/support/security-advisories.html",
              "refsource": "MISC",
              "url": "https://www.wibu.com/us/support/security-advisories.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
            },
            {
              "name": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf",
              "refsource": "CONFIRM",
              "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-41057",
    "datePublished": "2021-11-14T20:21:30",
    "dateReserved": "2021-09-13T00:00:00",
    "dateUpdated": "2024-08-04T02:59:31.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}