var-202009-0303
Vulnerability from variot
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool.
Many Siemens products have security vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0303", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "codemeter", "scope": "lt", "trust": 1.0, "vendor": "wibu", "version": "6.90" }, { "model": "codemeter", "scope": null, "trust": 0.8, "vendor": "wibu", "version": null }, { "model": "codemeter", "scope": "eq", "trust": 0.8, "vendor": "wibu", "version": null }, { "model": "codemeter", "scope": "eq", "trust": 0.8, "vendor": "wibu", "version": "6.90" }, { "model": "process historian", "scope": "lte", "trust": 0.6, "vendor": "siemens", "version": "\u003c=2019" }, { "model": "simatic pcs neo", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simit simulation platform", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinema remote connect", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.90", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-14515" } ] }, "cve": "CVE-2020-14515", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-14515", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "NONE", "exploitabilityScore": 1.9, "id": "CNVD-2020-51243", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-14515", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-14515", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-51243", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202009-488", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" }, { "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. \n\r\n\r\nMany Siemens products have security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-14515" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "CNVD", "id": "CNVD-2020-51243" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-14515", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-20-203-01", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90770748", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94568336", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-011221", "trust": 0.8 }, { "db": "SIEMENS", "id": "SSA-455843", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-51243", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3076.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3076.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3076", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021806", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-488", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" }, { "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "id": "VAR-202009-0303", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" } ], "trust": 1.3152251339999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" } ] }, "last_update_date": "2023-12-18T11:13:37.992000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CodeMeter", "trust": 0.8, "url": "https://www.wibu.com/products/codemeter.html" }, { "title": "Patch for Improper password signature verification vulnerabilities in many Siemens products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/233341" }, { "title": "Wibu-Systems AG CodeMeter Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127909" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-347", "trust": 1.0 }, { "problemtype": "Improper verification of digital signatures (CWE-347) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14515" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94568336/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90770748/" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021806" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3076/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" }, { "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-51243" }, { "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "db": "NVD", "id": "CVE-2020-14515" }, { "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-10T00:00:00", "db": "CNVD", "id": "CNVD-2020-51243" }, { "date": "2021-03-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "date": "2020-09-16T20:15:13.567000", "db": "NVD", "id": "CVE-2020-14515" }, { "date": "2020-09-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-10T00:00:00", "db": "CNVD", "id": "CNVD-2020-51243" }, { "date": "2022-03-15T05:07:00", "db": "JVNDB", "id": "JVNDB-2020-011221" }, { "date": "2020-09-22T17:56:46.080000", "db": "NVD", "id": "CVE-2020-14515" }, { "date": "2022-02-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-488" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-488" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CodeMeter\u00a0 Digital Signature Verification Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-011221" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-488" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.