CVE-2023-3935
Vulnerability from cvelistv5
Published
2023-09-13 13:19
Modified
2024-08-02 07:08
Severity ?
Summary
Wibu: Buffer Overflow in CodeMeter Runtime
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CodeMeter Runtime",
          "vendor": "Wibu",
          "versions": [
            {
              "lessThanOrEqual": "7.60b",
              "status": "affected",
              "version": "0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "CodeMeter Runtime",
          "vendor": "Wibu",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.21g"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
            }
          ],
          "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-19T07:00:20.911Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#64566"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wibu: Buffer Overflow in CodeMeter Runtime",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-3935",
    "datePublished": "2023-09-13T13:19:18.392Z",
    "dateReserved": "2023-07-25T13:02:40.206Z",
    "dateUpdated": "2024-08-02T07:08:50.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3935\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-09-13T14:15:09.147\",\"lastModified\":\"2024-01-25T20:24:58.783\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.60c\",\"matchCriteriaId\":\"5F783582-7E13-457E-96E9-8FD2D58580F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"3.0.22\",\"matchCriteriaId\":\"6BCF0613-5F59-4DAA-9DDB-A9322892353A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.1\",\"versionEndIncluding\":\"4.6.3\",\"matchCriteriaId\":\"9648C643-3213-4D0B-A3E0-6C4A092E8DAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.02.r8\",\"versionEndIncluding\":\"23.06.01\",\"matchCriteriaId\":\"56F0DB5E-5F18-4DA4-9488-242351FE5994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"926A92BB-2001-4176-9F73-F7F40F4D58CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.00\",\"versionEndIncluding\":\"22.00.00\",\"matchCriteriaId\":\"903A6767-5E6D-4E98-A756-A3FC99BAF13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.2\",\"versionEndIncluding\":\"1.11.1\",\"matchCriteriaId\":\"54F8DF4D-3C69-4117-88A4-9C0F6838C7DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"08.00\",\"versionEndIncluding\":\"12.01.00.00\",\"matchCriteriaId\":\"8360F8C5-1F88-420F-91B2-C75EC8A97A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"09.09.02\",\"matchCriteriaId\":\"3240055F-E26E-4BE9-89A9-D50A6FA5E8F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.00\",\"versionEndIncluding\":\"02.26.0\",\"matchCriteriaId\":\"7CD0343C-7A91-4CF7-B70B-CB2569FFE679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.00\",\"versionEndIncluding\":\"06.01\",\"matchCriteriaId\":\"EB6D30E6-031C-4104-A573-2FD3773E1CDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"06.00.23.00\",\"versionEndIncluding\":\"16.0.22\",\"matchCriteriaId\":\"B55ED3C4-B111-4A8C-BB9F-A50FCCC38432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.00.23.00\",\"versionEndIncluding\":\"22.8.25\",\"matchCriteriaId\":\"A4180D87-1915-4868-9328-D310282DD7C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.06.20\",\"versionEndIncluding\":\"20.04.20.00\",\"matchCriteriaId\":\"3C7823FE-A87C-494B-AB35-AB2830884282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"00.06.00\",\"versionEndIncluding\":\"01.00\",\"matchCriteriaId\":\"A257AA96-76DA-47CC-A3BA-3CCFB719C62E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"01.02\",\"matchCriteriaId\":\"607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.198.241\",\"versionEndIncluding\":\"9.0.28148.1\",\"matchCriteriaId\":\"1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"08.00\",\"versionEndIncluding\":\"14.06.150\",\"matchCriteriaId\":\"D88C313D-95E2-44EA-A895-F4CA659A5846\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*\",\"versionEndIncluding\":\"1.6\",\"matchCriteriaId\":\"E8198A71-1EA7-4DAC-8D4F-EB646A0DC635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"C8751F63-3D03-434A-BF4E-67320F6672FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"907E5EB3-8346-4371-9CFF-0F885CC0529E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"C9659319-4AEC-4112-9EAC-7892C0A37AA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB44DD6D-7685-4346-91BC-30CB9531982A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2023.6\",\"matchCriteriaId\":\"170FABD2-23D5-4885-AA09-B4130F945564\"}]}]}],\"references\":[{\"url\":\"https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-030/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-031/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.