CVE-2025-47809 (GCVE-0-2025-47809)
Vulnerability from cvelistv5 – Published: 2025-05-16 00:00 – Updated: 2025-05-16 13:36
- CWE-272 - Least Privilege Violation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:35:54.604112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:00.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"lessThan": "8.30a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T00:18:40.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47809",
"datePublished": "2025-05-16T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-05-16T13:36:00.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47809",
"date": "2026-05-30",
"epss": "0.00069",
"percentile": "0.21444"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47809\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-05-16T01:15:51.827\",\"lastModified\":\"2025-05-16T14:42:18.700\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.\"},{\"lang\":\"es\",\"value\":\"Las versiones anteriores a la versi\u00f3n 8.30a de Wibu CodeMeter a veces permiten la escalada de privilegios inmediatamente despu\u00e9s de la instalaci\u00f3n (antes de cerrar sesi\u00f3n o reiniciar). Para que esto ocurra, debe haber una instalaci\u00f3n sin privilegios con Control de cuentas de usuario (UAC), y el componente CodeMeter Control Center debe estar instalado y no debe haberse reiniciado. 
En este caso, el usuario local puede acceder desde Importar licencia a una instancia privilegiada del Explorador de Windows.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-272\"}]}],\"references\":[{\"url\":\"https://www.wibu.com/support/security-advisories/wibu-100120.html\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47809\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T13:35:54.604112Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T13:35:57.872Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Wibu\", \"product\": \"CodeMeter\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.30a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.wibu.com/support/security-advisories/wibu-100120.html\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. 
In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-272\", \"description\": \"CWE-272 Least Privilege Violation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.30a\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-05-16T00:18:40.444Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47809\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T13:36:00.498Z\", \"dateReserved\": \"2025-05-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-05-16T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SCA-2025-0014
Vulnerability from csaf_sick - Published: 2025-11-03 11:00 - Updated: 2025-11-03 14:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0007 | — |
Vendor Fix
|
|
| Unresolved product id: CSAFPID-0008 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0009 | — | ||
| Unresolved product id: CSAFPID-0010 | — |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the CodeMeter runtime affects the SICK products SICK CODE-LOC and SICK LIDAR-LOC. This could potentially affect the integrity, confidentiality and availability of the products. Only systems running on Microsoft Windows are affected. Furthermore, the systems are only affected when running the installation and keeping the Control Center component open. As soon as the system has been restarted, it is no longer affected by the vulnerability.\nNevertheless, SICK strongly recommends to upgrade to the latest version of the products to mitigate the risk. Currently, SICK is not aware of any public exploits. ",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0014.json"
}
],
"title": "CodeMeter vulnerability affects SICK CODE-LOC and SICK LIDAR-LOC",
"tracking": {
"current_release_date": "2025-11-03T14:00:00.000Z",
"generator": {
"date": "2025-10-23T07:49:55.780Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.38"
}
},
"id": "SCA-2025-0014",
"initial_release_date": "2025-11-03T11:00:00.000Z",
"revision_history": [
{
"date": "2025-11-03T14:00:00.000Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK CODE-LOC all versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "CODE-LOC"
}
],
"category": "product_family",
"name": "CODE-LOC"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK LIDAR-LOC all versions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "LIDAR-LOC"
}
],
"category": "product_family",
"name": "LIDAR-LOC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c LLS-2.8.1.24092R",
"product": {
"name": "SICK CODE-LOC firmware \u003c LLS-2.8.1.24092R",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "LLS-2.8.1.24092R",
"product": {
"name": "SICK CODE-LOC firmware LLS-2.8.1.24092R",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "CODE-LOC firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c LLS-2.8.1.24092R",
"product": {
"name": "SICK LIDAR-LOC firmware \u003c LLS-2.8.1.24092R",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version",
"name": "LLS-2.8.1.24092R",
"product": {
"name": "SICK LIDAR-LOC firmware LLS-2.8.1.24092R",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "LIDAR-LOC firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK CODE-LOC with Firmware \u003c LLS-2.8.1.24092R",
"product_id": "CSAFPID-0007"
},
"product_reference": "CSAFPID-0003",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK LIDAR-LOC with Firmware \u003c LLS-2.8.1.24092R",
"product_id": "CSAFPID-0008"
},
"product_reference": "CSAFPID-0005",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK CODE-LOC all versions with Firmware LLS-2.8.1.24092R",
"product_id": "CSAFPID-0009"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK LIDAR-LOC all versions with Firmware LLS-2.8.1.24092R",
"product_id": "CSAFPID-0010"
},
"product_reference": "CSAFPID-0006",
"relates_to_product_reference": "CSAFPID-0002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0007",
"CSAFPID-0008"
],
"recommended": [
"CSAFPID-0009",
"CSAFPID-0010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "On Microsoft Windows systems, it is strongly recommended to upgrade to the latest version (LLS-2.8.1.24092R).",
"product_ids": [
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "Privilege Escalation Through CodeMeter Installer on Windows"
}
]
}
SSA-201595
Vulnerability from csaf_siemens - Published: 2025-08-14 00:00 - Updated: 2026-03-10 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Desigo CC family V5.0
Siemens / Desigo CC family V5.0
|
vers:all/* |
Vendor Fix
|
|
|
Desigo CC family V5.1
Siemens / Desigo CC family V5.1
|
vers:all/* |
Vendor Fix
|
|
|
Desigo CC family V6
Siemens / Desigo CC family V6
|
vers:all/* |
Vendor Fix
|
|
|
Desigo CC family V7
Siemens / Desigo CC family V7
|
vers:all/* |
Vendor Fix
|
|
|
Desigo CC family V8
Siemens / Desigo CC family V8
|
All versions < V8.0 QU2 |
Vendor Fix
fix
|
|
|
SENTRON Powermanager V5
Siemens / SENTRON Powermanager V5
|
vers:all/* |
Vendor Fix
|
|
|
SENTRON Powermanager V6
Siemens / SENTRON Powermanager V6
|
vers:all/* |
Vendor Fix
|
|
|
SENTRON Powermanager V7
Siemens / SENTRON Powermanager V7
|
vers:all/* |
Vendor Fix
|
|
|
SENTRON Powermanager V8
Siemens / SENTRON Powermanager V8
|
All versions < V8.0 QU2 |
Vendor Fix
fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege escalation.\n\nSiemens has released instructions how to update the CodeMeter Runtime component and recommends to apply the update on affected systems.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-201595.html"
},
{
"category": "self",
"summary": "SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-201595.json"
}
],
"title": "SSA-201595: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager",
"tracking": {
"current_release_date": "2026-03-10T00:00:00.000Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-201595",
"initial_release_date": "2025-08-14T00:00:00.000Z",
"revision_history": [
{
"date": "2025-08-14T00:00:00.000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-19T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Clarified that updating WIBU CodeMeter to a later version than V8.30a (currently available: V8.40) will also fix the issue"
},
{
"date": "2026-01-13T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added the fix version for Desigo CC V8.0"
},
{
"date": "2026-03-10T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added the fix version for Sentron Powermanager V8.0"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.0",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V5.1",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Desigo CC family V5.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V6",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Desigo CC family V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Desigo CC family V7",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Desigo CC family V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V8.0 QU2",
"product": {
"name": "Desigo CC family V8",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Desigo CC family V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON Powermanager V5",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SENTRON Powermanager V5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON Powermanager V6",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SENTRON Powermanager V6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SENTRON Powermanager V7",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SENTRON Powermanager V7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V8.0 QU2",
"product": {
"name": "SENTRON Powermanager V8",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SENTRON Powermanager V8"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"category": "summary",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.0 QU2 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997962/"
},
{
"category": "vendor_fix",
"details": "Update to V8.0 QU2 or later version",
"product_ids": [
"9"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109771760/"
},
{
"category": "vendor_fix",
"details": "Apply patch as documented in section \u0027Additional Information\u0027",
"product_ids": [
"1",
"2",
"3",
"4",
"6",
"7",
"8"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9"
]
}
],
"title": "CVE-2025-47809"
}
]
}
SSA-331739
Vulnerability from csaf_siemens - Published: 2025-08-12 00:00 - Updated: 2025-09-09 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIMATIC PDM Maintenance Station V5.0
Siemens / SIMATIC PDM Maintenance Station V5.0
|
vers:all/* |
None Available
|
|
|
SIMATIC WinCC OA V3.18
Siemens / SIMATIC WinCC OA V3.18
|
All versions < V3.18 P032 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC OA V3.19
Siemens / SIMATIC WinCC OA V3.19
|
All versions < V3.19 P020 |
Vendor Fix
fix
|
|
|
SIMATIC WinCC OA V3.20
Siemens / SIMATIC WinCC OA V3.20
|
All versions < V3.20 P008 |
Vendor Fix
fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "WIBU Systems published information about a privilege escalation vulnerability under certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products.\n\nSiemens has released new versions for affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331739.html"
},
{
"category": "self",
"summary": "SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-331739.json"
}
],
"title": "SSA-331739: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products",
"tracking": {
"current_release_date": "2025-09-09T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-331739",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-09-09T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Removed Simatic Information Server and Simatic Process Historian as they are not affected."
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC PDM Maintenance Station V5.0",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC PDM Maintenance Station V5.0"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.18 P032",
"product": {
"name": "SIMATIC WinCC OA V3.18",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.19 P020",
"product": {
"name": "SIMATIC WinCC OA V3.19",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V3.20 P008",
"product": {
"name": "SIMATIC WinCC OA V3.20",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC OA V3.20"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"category": "summary",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.18 P032 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109994004/"
},
{
"category": "vendor_fix",
"details": "Update to V3.19 P020 or later version",
"product_ids": [
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109989640/"
},
{
"category": "vendor_fix",
"details": "Update to V3.20 P008 or later version",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109990967/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4"
]
}
],
"title": "CVE-2025-47809"
}
]
}
VDE-2025-064
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-09-09 07:00 - Updated: 2025-09-09 07:00

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PLCnext Engineer 2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1046008
|
PLCnext Engineer 2025.0.3 | |
|
PLCnext Engineer EDU LIC 2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1165889
|
PLCnext Engineer EDU LIC 2025.0.3 | |
|
Activation Wizard 1.8
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
Activation Wizard 1.8 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Activation Wizard <1.8
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
Activation Wizard<1.8 | ||
|
PLCnext Engineer <2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1046008
|
PLCnext Engineer<2025.0.3 | |
|
PLCnext Engineer EDU LIC <2025.0.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1165889
|
PLCnext Engineer EDU LIC<2025.0.3 | |
|
FL Network Manager <=8.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
2702889
|
FL Network Manager<=8.0 | |
|
EV Charging Suite (all versions) <=1.7.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
115350911535081128335108692910869211086920
|
EV Charging Suite (all versions)<=1.7.0 | |
|
EV Charging Suite (all upgrades) <=1.7.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
11535201153516115351310868911086889
|
EV Charging Suite (all upgrades)<=1.7.0 | |
|
CLIPX ENGINEER ASSEMBLE <=1.0.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1662166
|
CLIPX ENGINEER ASSEMBLE<=1.0.0 | |
|
MLnext Execution <=1.1.3
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1391115
|
MLnext Execution<=1.1.3 | |
| Unresolved product id: CSAFPID-31001 | — | ||
|
MLnext Creation <=24.10.0
Phoenix Contact GmbH & Co. KG / CodeMeter Runtime licensed Software
|
1697763
|
MLnext Creation<=24.10.0 |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination.",
"urls": [
"https://certvde.com"
]
},
{
"organization": "WIBU-SYSTEMS",
"summary": "reporting."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A local privilege escalation vulnerability in Phoenix Contact products utilizing WIBU-SYSTEMS CodeMeter Runtime allows users to gain admin rights on freshly installed systems. The CodeMeter Control Center starts with elevated privileges and retains them until restarted, enabling unauthorized access to admin tools like cmd.exe.",
"title": "Summary"
},
{
"category": "description",
"text": "The effect is that CodeMeter Control Center can be launched once as administrator and will remain with these privileges until it is either manually closed or the user is logged out. In this case a malicious user can navigate, for example, to C:\\Windows\\System32\\ and right-click on cmd.exe and select \"open\", thus getting an administrator console. This vulnerability only affects freshly installed systems until CodeMeter Control Center is restarted.",
"title": "Impact"
},
{
"category": "description",
"text": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V8.30a, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V8.30a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nAdditional Recommendations:\nRegularly check the product\u0027s official webpage for updated release versions that support CodeMeter V8.30a.\nUpdate the Activation Wizard to version 1.8 as soon as it becomes available on the product\u0027s download page.",
"title": "Remediation"
},
{
"category": "general",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
},
{
"category": "description",
"text": "After installing the CodeMeter Control Center (at least once), please perform one of the following actions:\n- Restart your system\n- Log out and log back in\n- Manually close or restart the CodeMeter Control Center via the system tray icon\n\n These steps must be followed immediately after installing the CodeMeter Runtime or any product that includes the CodeMeter Runtime.\n\n\n\n",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2025-00011",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
},
{
"category": "self",
"summary": "VDE-2025-064: Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-064"
},
{
"category": "self",
"summary": "VDE-2025-064: Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-064.json"
}
],
"source_lang": "en",
"title": "Phoenix Contact: Products utilizing WIBU-SYSTEMS CodeMeter Runtime Windows Installer have a privilege escalation",
"tracking": {
"aliases": [
"VDE-2025-064",
"PCSA-2025-00011"
],
"current_release_date": "2025-09-09T07:00:00.000Z",
"generator": {
"date": "2025-09-05T10:26:08.025Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.33"
}
},
"id": "VDE-2025-064",
"initial_release_date": "2025-09-09T07:00:00.000Z",
"revision_history": [
{
"date": "2025-09-09T07:00:00.000Z",
"number": "1",
"summary": "Initial"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Activation Wizard\u003c1.8",
"product": {
"name": "Activation Wizard \u003c1.8",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "Activation Wizard 1.8",
"product": {
"name": "Activation Wizard 1.8",
"product_id": "CSAFPID-52001"
}
},
{
"category": "product_version_range",
"name": "PLCnext Engineer\u003c2025.0.3",
"product": {
"name": "PLCnext Engineer \u003c2025.0.3",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
},
{
"category": "product_version",
"name": "PLCnext Engineer 2025.0.3",
"product": {
"name": "PLCnext Engineer 2025.0.3",
"product_id": "CSAFPID-52002",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
},
{
"category": "product_version_range",
"name": "PLCnext Engineer EDU LIC\u003c2025.0.3",
"product": {
"name": "PLCnext Engineer EDU LIC \u003c2025.0.3",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"1165889"
]
}
}
},
{
"category": "product_version",
"name": "PLCnext Engineer EDU LIC 2025.0.3",
"product": {
"name": "PLCnext Engineer EDU LIC 2025.0.3",
"product_id": "CSAFPID-52003",
"product_identification_helper": {
"model_numbers": [
"1165889"
]
}
}
},
{
"category": "product_version_range",
"name": "FL Network Manager\u003c=8.0",
"product": {
"name": "FL Network Manager \u003c=8.0",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"2702889"
]
}
}
},
{
"category": "product_version",
"name": "FL Network Manager 9.0",
"product": {
"name": "FL Network Manager 9.0",
"product_id": "CSAFPID-52004",
"product_identification_helper": {
"model_numbers": [
"2702889"
]
}
}
},
{
"category": "product_version_range",
"name": "EV Charging Suite (all versions)\u003c=1.7.0",
"product": {
"name": "EV Charging Suite (all versions) \u003c=1.7.0",
"product_id": "CSAFPID-51005",
"product_identification_helper": {
"model_numbers": [
"1153509",
"1153508",
"1128335",
"1086929",
"1086921",
"1086920"
]
}
}
},
{
"category": "product_version_range",
"name": "EV Charging Suite (all upgrades)\u003c=1.7.0",
"product": {
"name": "EV Charging Suite (all upgrades) \u003c=1.7.0",
"product_id": "CSAFPID-51006",
"product_identification_helper": {
"model_numbers": [
"1153520",
"1153516",
"1153513",
"1086891",
"1086889"
]
}
}
},
{
"category": "product_version_range",
"name": "CLIPX ENGINEER ASSEMBLE\u003c=1.0.0",
"product": {
"name": "CLIPX ENGINEER ASSEMBLE \u003c=1.0.0",
"product_id": "CSAFPID-51007",
"product_identification_helper": {
"model_numbers": [
"1662166"
]
}
}
},
{
"category": "product_version",
"name": "CLIPX ENGINEER ASSEMBLE 1.2.0",
"product": {
"name": "CLIPX ENGINEER ASSEMBLE 1.2.0",
"product_id": "CSAFPID-52007",
"product_identification_helper": {
"model_numbers": [
"1662166"
]
}
}
},
{
"category": "product_version_range",
"name": "MLnext Execution\u003c=1.1.3",
"product": {
"name": "MLnext Execution \u003c=1.1.3",
"product_id": "CSAFPID-51012",
"product_identification_helper": {
"model_numbers": [
"1391115"
]
}
}
},
{
"category": "product_version",
"name": "MLnext Execution 25.8.0",
"product": {
"name": "MLnext Execution 25.8.0",
"product_id": "CSAFPID-52008",
"product_identification_helper": {
"model_numbers": [
"1391115"
]
}
}
},
{
"category": "product_version_range",
"name": "MTP DESIGNER / MTP DESIGNER TRAIL\u003c=1.3.1",
"product": {
"name": "MTP DESIGNER / MTP DESIGNER TRAIL \u003c=1.3.1",
"product_id": "CSAFPID-51009",
"product_identification_helper": {
"model_numbers": [
"1636198",
"1636201"
]
}
}
},
{
"category": "product_version",
"name": "MTP DESIGNER / MTP DESIGNER TRAIL 1.3.2",
"product": {
"name": "MTP DESIGNER / MTP DESIGNER TRAIL 1.3.2",
"product_id": "CSAFPID-52009",
"product_identification_helper": {
"model_numbers": [
"1636198",
"1636201"
]
}
}
},
{
"category": "product_name",
"name": "MORYX-Software Platform",
"product": {
"name": "MORYX-Software Platform",
"product_id": "CSAFPID-51010",
"product_identification_helper": {
"model_numbers": [
"1373907",
"1373909",
"1373233",
"1373910",
"1373226",
"1373236",
"1373231",
"1373224",
"1373913",
"1373912",
"1373238",
"1373914",
"1373915",
"1373916",
"1373917",
"1373918",
"1373908",
"1550573",
"1550576",
"1550581",
"1550587",
"1550580",
"1550582",
"1532628",
"1550574",
"1550589"
]
}
}
},
{
"category": "product_version_range",
"name": "MLnext Creation\u003c=24.10.0",
"product": {
"name": "MLnext Creation \u003c=24.10.0",
"product_id": "CSAFPID-51011",
"product_identification_helper": {
"model_numbers": [
"1697763"
]
}
}
},
{
"category": "product_version",
"name": "MLnext Creation 25.8.0",
"product": {
"name": "MLnext Creation 25.8.0",
"product_id": "CSAFPID-52011",
"product_identification_helper": {
"model_numbers": [
"1697763"
]
}
}
}
],
"category": "product_family",
"name": "CodeMeter Runtime licensed Software"
}
],
"category": "vendor",
"name": "Phoenix Contact GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-61001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-51009",
"CSAFPID-31001",
"CSAFPID-51011"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-62001",
"product_ids": [
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52001"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_with",
"full_product_name": {
"name": "Activation Wizard \u003c1.8 installed with MORYX-Software Platform",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51001",
"relates_to_product_reference": "CSAFPID-51010"
},
{
"category": "installed_with",
"full_product_name": {
"name": "Activation Wizard 1.8 installed with MORYX-Software Platform",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-31001",
"CSAFPID-51011"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V8.30a, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V8.30a has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nAdditional Recommendations:\nRegularly check the product\u0027s official webpage for updated release versions that support CodeMeter V8.30a.\nUpdate the Activation Wizard to version 1.8 as soon as it becomes available on the product\u0027s download page.",
"group_ids": [
"CSAFGID-61001"
]
},
{
"category": "mitigation",
"details": "After installing the CodeMeter Control Center (at least once), please perform one of the following actions:\n- Restart your system\n- Log out and log back in\n- Manually close or restart the CodeMeter Control Center via the system tray icon\n\n These steps must be followed immediately after installing the CodeMeter Runtime or any product that includes the CodeMeter Runtime.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51012",
"CSAFPID-31001",
"CSAFPID-51011"
]
}
],
"title": "CVE-2025-47809"
}
]
}
VDE-2026-007
Vulnerability from csaf_trumpfsecokg - Published: 2026-02-23 08:00 - Updated: 2026-02-23 08:00
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TruTops Boost 21.00.00
TRUMPF SE + Co. KG / Software / TruTops Boost
|
cpe:2.3:a:trumpf:trutopsboost:21.0.0:*:*:*:*:*:*:*
|
21.00.00 | |
|
TecZone Bend 25.11.1
TRUMPF SE + Co. KG / Software / TecZone Bend
|
cpe:2.3:a:trumpf:teczonebend:25.11.1:*:*:*:*:*:*:*
|
25.11.1 | |
|
Oseon 8.00.00
TRUMPF SE + Co. KG / Software / Oseon
|
cpe:2.3:a:trumpf:oseon:8.0.0:*:*:*:*:*:*:*
|
8.00.00 | |
|
Programming Tube 6.9
TRUMPF SE + Co. KG / Software / Programming Tube
|
cpe:2.3:a:trumpf:programmingtube:6.9.0:*:*:*:*:*:*:*
|
6.9 | |
|
TruTops Cell 2.77.0
TRUMPF SE + Co. KG / Software / TruTops Cell
|
cpe:2.3:a:trumpf:trutopscell:2.77.0:*:*:*:*:*:*:*
|
2.77.0 | |
|
TruTops Weld 11.0
TRUMPF SE + Co. KG / Software / TruTops Weld
|
cpe:2.3:a:trumpf:trutopsweld:11.0.0:*:*:*:*:*:*:*
|
11.0 | |
|
TRUMPF License Expert 2.3.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
cpe:2.3:a:trumpf:trumpflicenseexpert:2.3.2:*:*:*:*:*:*:*
|
2.3.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TruTops Boost < 21.00.00
TRUMPF SE + Co. KG / Software / TruTops Boost
|
vers:semver/<21.00.00 |
Vendor Fix
|
|
|
TruTops Boost 20.04.23
TRUMPF SE + Co. KG / Software / TruTops Boost
|
cpe:2.3:a:trumpf:trutopsboost:20.04.23:*:*:*:*:*:*:*
|
20.04.23 |
Vendor Fix
|
|
TecZone Bend < 25.11.1
TRUMPF SE + Co. KG / Software / TecZone Bend
|
vers:semver/<25.11.1 |
Vendor Fix
|
|
|
TecZone Bend 25.10.0
TRUMPF SE + Co. KG / Software / TecZone Bend
|
cpe:2.3:a:trumpf:teczonebend:25.10.0:*:*:*:*:*:*:*
|
25.10.0 |
Vendor Fix
|
|
Oseon < 8.00.00
TRUMPF SE + Co. KG / Software / Oseon
|
vers:semver/<8.00.00 |
Vendor Fix
|
|
|
Oseon 7.04.23
TRUMPF SE + Co. KG / Software / Oseon
|
cpe:2.3:a:trumpf:oseon:7.04.23:*:*:*:*:*:*:*
|
7.04.23 |
Vendor Fix
|
|
Programming Tube < 6.9
TRUMPF SE + Co. KG / Software / Programming Tube
|
vers:semver/<6.9 |
Vendor Fix
|
|
|
Programming Tube 6.8
TRUMPF SE + Co. KG / Software / Programming Tube
|
cpe:2.3:a:trumpf:programmingtube:6.8.0:*:*:*:*:*:*:*
|
6.8 |
Vendor Fix
|
|
TruTops Cell < 2.77.0
TRUMPF SE + Co. KG / Software / TruTops Cell
|
vers:semver/<2.77.0 |
Vendor Fix
|
|
|
TruTops Cell 2.69.29
TRUMPF SE + Co. KG / Software / TruTops Cell
|
cpe:2.3:a:trumpf:trutopscell:2.69.29:*:*:*:*:*:*:*
|
2.69.29 |
Vendor Fix
|
|
TruTops Weld < 11.0
TRUMPF SE + Co. KG / Software / TruTops Weld
|
vers:semver/<11.0 |
Vendor Fix
|
|
|
TruTops Weld 10.0.133
TRUMPF SE + Co. KG / Software / TruTops Weld
|
cpe:2.3:a:trumpf:trutopsweld:10.0.133:*:*:*:*:*:*:*
|
10.0.133 |
Vendor Fix
|
|
TRUMPF License Expert < 2.3.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
vers:semver/<2.3.2 |
Vendor Fix
|
|
|
TRUMPF License Expert 2.2.2
TRUMPF SE + Co. KG / Software / TRUMPF License Expert
|
cpe:2.3:a:trumpf:trumpflicenseexpert:2.2.2:*:*:*:*:*:*:*
|
2.2.2 |
Vendor Fix
|
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.",
"title": "Summary"
},
{
"category": "description",
"text": "The CodeMeter installer on Windows has a vulnerability that allows under certain circumstances an Escalation of Privileges for an unprivileged account. After installation on an unprivileged account with UAC using the built-in administrator account, CodeMeter launches the CodeMeter Control Center with system privileges.",
"title": "Impact"
},
{
"category": "legal_disclaimer",
"text": "This document is provided on an \"AS IS\" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. TRUMPF SE + Co. KG reserves the right to change or update this document at any time.",
"title": "Disclaimer"
},
{
"category": "description",
"text": "New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product | Version |\n| --------------------- | -------- |\n| TruTops Boost | 21.00.00 |\n| TecZone Bend | 25.11.1 |\n| Oseon | 8.00.00 |\n| Programming Tube | 6.9 |\n| TruTops Cell | 2.77.0 |\n| TruTops Weld | 11.0 |\n| TRUMPF License Expert | 2.3.2 |\n",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product.security@trumpf.com",
"name": "Trumpf SE + Co. KG",
"namespace": "https://www.trumpf.com"
},
"references": [
{
"category": "external",
"summary": "Messages to TRUMPF PSIRT",
"url": "https://www.trumpf.com/en_GB/meta/security-with-trumpf/message-to-psirt/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for TRUMPF SE + Co. KG",
"url": "https://certvde.com/en/advisories/vendor/trumpf/"
},
{
"category": "self",
"summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-007"
},
{
"category": "self",
"summary": "VDE-2026-007: TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability - CSAF",
"url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-007.json"
},
{
"category": "external",
"summary": "CVE-2025-47809 - NVD",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47809"
},
{
"category": "external",
"summary": "TRUMPF License Expert",
"url": "https://www.trumpf.com/en_INT/products/software/software-licensing/"
}
],
"title": "TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability",
"tracking": {
"aliases": [
"VDE-2026-007"
],
"current_release_date": "2026-02-23T08:00:00.000Z",
"generator": {
"date": "2026-02-19T10:48:26.979Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.43"
}
},
"id": "VDE-2026-007",
"initial_release_date": "2026-02-23T08:00:00.000Z",
"revision_history": [
{
"date": "2026-02-23T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c21.00.00",
"product": {
"name": "TruTops Boost \u003c 21.00.00",
"product_id": "CSAFPID-00001"
}
},
{
"category": "product_version",
"name": "21.00.00",
"product": {
"name": "TruTops Boost 21.00.00",
"product_id": "CSAFPID-00002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsboost:21.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "20.04.23",
"product": {
"name": "TruTops Boost 20.04.23",
"product_id": "CSAFPID-00003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsboost:20.04.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Boost"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c25.11.1",
"product": {
"name": "TecZone Bend \u003c 25.11.1",
"product_id": "CSAFPID-01001"
}
},
{
"category": "product_version",
"name": "25.11.1",
"product": {
"name": "TecZone Bend 25.11.1",
"product_id": "CSAFPID-01002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:teczonebend:25.11.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "25.10.0",
"product": {
"name": "TecZone Bend 25.10.0",
"product_id": "CSAFPID-01003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:teczonebend:25.10.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TecZone Bend"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c8.00.00",
"product": {
"name": "Oseon \u003c 8.00.00",
"product_id": "CSAFPID-02001"
}
},
{
"category": "product_version",
"name": "8.00.00",
"product": {
"name": "Oseon 8.00.00",
"product_id": "CSAFPID-02002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:oseon:8.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.04.23",
"product": {
"name": "Oseon 7.04.23",
"product_id": "CSAFPID-02003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:oseon:7.04.23:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oseon"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c6.9",
"product": {
"name": "Programming Tube \u003c 6.9",
"product_id": "CSAFPID-03001"
}
},
{
"category": "product_version",
"name": "6.9",
"product": {
"name": "Programming Tube 6.9",
"product_id": "CSAFPID-03002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:programmingtube:6.9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "6.8",
"product": {
"name": "Programming Tube 6.8",
"product_id": "CSAFPID-03003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:programmingtube:6.8.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Programming Tube"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c2.77.0",
"product": {
"name": "TruTops Cell \u003c 2.77.0",
"product_id": "CSAFPID-04001"
}
},
{
"category": "product_version",
"name": "2.77.0",
"product": {
"name": "TruTops Cell 2.77.0",
"product_id": "CSAFPID-04002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopscell:2.77.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.69.29",
"product": {
"name": "TruTops Cell 2.69.29",
"product_id": "CSAFPID-04003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopscell:2.69.29:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Cell"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c11.0",
"product": {
"name": "TruTops Weld \u003c 11.0",
"product_id": "CSAFPID-05001"
}
},
{
"category": "product_version",
"name": "11.0",
"product": {
"name": "TruTops Weld 11.0",
"product_id": "CSAFPID-05002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsweld:11.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "10.0.133",
"product": {
"name": "TruTops Weld 10.0.133",
"product_id": "CSAFPID-05003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trutopsweld:10.0.133:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TruTops Weld"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c2.3.2",
"product": {
"name": "TRUMPF License Expert \u003c 2.3.2",
"product_id": "CSAFPID-06001"
}
},
{
"category": "product_version",
"name": "2.3.2",
"product": {
"name": "TRUMPF License Expert 2.3.2",
"product_id": "CSAFPID-06002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.2.2",
"product": {
"name": "TRUMPF License Expert 2.2.2",
"product_id": "CSAFPID-06003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:trumpf:trumpflicenseexpert:2.2.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "TRUMPF License Expert"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "TRUMPF SE + Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-00002",
"CSAFPID-01002",
"CSAFPID-02002",
"CSAFPID-03002",
"CSAFPID-04002",
"CSAFPID-05002",
"CSAFPID-06002"
],
"summary": "Fixed Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-00002",
"CSAFPID-01002",
"CSAFPID-02002",
"CSAFPID-03002",
"CSAFPID-04002",
"CSAFPID-05002",
"CSAFPID-06002"
],
"known_affected": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-20T11:00:00.000Z",
"details": "New versions are available for the affected products. These include an updated WiBu CodeMeter (bundled with TRUMPF License Expert). If your installation is affected, the easiest fix is to install the latest TRUMPF License Expert from https://www.trumpf.com/en_INT/products/software/software-licensing/.\n\n| Fixed Product | Version |\n| --------------------- | -------- |\n| TruTops Boost | 21.00.00 |\n| TecZone Bend | 25.11.1 |\n| Oseon | 8.00.00 |\n| Programming Tube | 6.9 |\n| TruTops Cell | 2.77.0 |\n| TruTops Weld | 11.0 |\n| TRUMPF License Expert | 2.3.2 |\n",
"product_ids": [
"CSAFPID-00001",
"CSAFPID-00003",
"CSAFPID-01001",
"CSAFPID-01003",
"CSAFPID-02001",
"CSAFPID-02003",
"CSAFPID-03001",
"CSAFPID-03003",
"CSAFPID-04001",
"CSAFPID-04003",
"CSAFPID-05001",
"CSAFPID-05003",
"CSAFPID-06001",
"CSAFPID-06003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-00001",
"CSAFPID-01001",
"CSAFPID-02001",
"CSAFPID-03001",
"CSAFPID-04001",
"CSAFPID-05001",
"CSAFPID-06001",
"CSAFPID-00003",
"CSAFPID-01003",
"CSAFPID-02003",
"CSAFPID-03003",
"CSAFPID-04003",
"CSAFPID-05003",
"CSAFPID-06003"
]
}
],
"title": "CVE-2025-47809"
}
]
}
WID-SEC-W-2025-1076
Vulnerability from csaf_certbund - Published: 2025-05-15 22:00 - Updated: 2025-08-12 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SIMATIC WinCC OA
Siemens / SIMATIC WinCC
|
cpe:/a:siemens:simatic_wincc:oa
|
OA | |
|
Wibu-Systems CodeMeter Runtime <8.30a
Wibu-Systems / CodeMeter
|
Runtime <8.30a |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CodeMeter ist eine Software zur Durchsetzung von Lizenzrechten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Wibu-Systems CodeMeter ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1076 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1076.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1076 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1076"
},
{
"category": "external",
"summary": "WIBU Security Advisory vom 2025-05-15",
"url": "https://www.wibu.com/de/support/security-advisories/wibu-100120.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-331739 vom 2025-08-12",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331739.html"
}
],
"source_lang": "en-US",
"title": "Wibu-Systems CodeMeter: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:43.009+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1076",
"initial_release_date": "2025-05-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Siemens aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "OA",
"product": {
"name": "Siemens SIMATIC WinCC OA",
"product_id": "T017225",
"product_identification_helper": {
"cpe": "cpe:/a:siemens:simatic_wincc:oa"
}
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC"
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Runtime \u003c8.30a",
"product": {
"name": "Wibu-Systems CodeMeter Runtime \u003c8.30a",
"product_id": "T043859"
}
},
{
"category": "product_version",
"name": "Runtime 8.30a",
"product": {
"name": "Wibu-Systems CodeMeter Runtime 8.30a",
"product_id": "T043859-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:wibu:codemeter:runtime__8.30a"
}
}
}
],
"category": "product_name",
"name": "CodeMeter"
}
],
"category": "vendor",
"name": "Wibu-Systems"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47809",
"product_status": {
"known_affected": [
"T017225",
"T043859"
]
},
"release_date": "2025-05-15T22:00:00.000+00:00",
"title": "CVE-2025-47809"
}
]
}