Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
62 vulnerabilities by Wibu
CVE-2020-37017 (GCVE-0-2020-37017)
Vulnerability from cvelistv5 – Published: 2026-01-29 14:28 – Updated: 2026-03-05 01:27 Disputed
VLAI
Title
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path
Summary
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48735 | exploit |
| https://www.wibu.com/us/products/codemeter/runtime.html | product |
| https://www.vulncheck.com/advisories/codemeter-co… | third-party-advisory |
Date Public
2020-08-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37017",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T15:06:31.083844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T15:07:09.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"status": "affected",
"version": "6.60"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:6.60:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2020-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.\u003c/p\u003e"
}
],
"value": "CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:27.506Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48735",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48735"
},
{
"name": "CodeMeter Runtime Product Homepage",
"tags": [
"product"
],
"url": "https://www.wibu.com/us/products/codemeter/runtime.html"
},
{
"name": "VulnCheck Advisory: CodeMeter 6.60 - \u0027CodeMeter.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/codemeter-codemeterexe-unquoted-service-path"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"disputed"
],
"title": "CodeMeter 6.60 - \u0027CodeMeter.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37017",
"datePublished": "2026-01-29T14:28:33.069Z",
"dateReserved": "2026-01-28T18:18:30.521Z",
"dateUpdated": "2026-03-05T01:27:27.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47810 (GCVE-0-2021-47810)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-03-05 01:28
VLAI
Title
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
Summary
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49999 | exploit |
| https://www.wibu.com | product |
| https://www.wibu.com/us/support/user/downloads-us… | product |
| https://www.vulncheck.com/advisories/wibukey-runt… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wibu | WibuKey Runtime |
Affected:
6.51
|
Date Public
2021-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:05:41.513013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:11:21.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49999"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WibuKey Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "affected",
"version": "6.51"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:wibukey:6.51:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\PROGRAM FILES (X86)\\WIBUKEY\\SERVER\\WkSvW32.exe\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:41.910Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49999",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49999"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.wibu.com"
},
{
"name": "Software Download Page",
"tags": [
"product"
],
"url": "https://www.wibu.com/us/support/user/downloads-user-software.html"
},
{
"name": "VulnCheck Advisory: WibuKey Runtime 6.51 - \u0027WkSvW32.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wibukey-runtime-wksvwexe-unquoted-service-path"
}
],
"title": "WibuKey Runtime 6.51 - \u0027WkSvW32.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47810",
"datePublished": "2026-01-15T23:25:53.004Z",
"dateReserved": "2026-01-14T17:11:19.893Z",
"dateUpdated": "2026-03-05T01:28:41.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47809 (GCVE-0-2025-47809)
Vulnerability from cvelistv5 – Published: 2025-05-16 00:00 – Updated: 2025-05-16 13:36
VLAI
Summary
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-272 - Least Privilege Violation
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:35:54.604112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:00.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"lessThan": "8.30a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T00:18:40.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47809",
"datePublished": "2025-05-16T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-05-16T13:36:00.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45182 (GCVE-0-2024-45182)
Vulnerability from cvelistv5 – Published: 2024-09-12 00:00 – Updated: 2024-10-29 20:14
VLAI
Summary
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
2 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wibu:wibukey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wibukey",
"vendor": "wibu",
"versions": [
{
"lessThan": "6.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:36:05.663302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:14:05.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:24:54.445Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://wibu.com"
},
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45182",
"datePublished": "2024-09-12T00:00:00.000Z",
"dateReserved": "2024-08-22T00:00:00.000Z",
"dateUpdated": "2024-10-29T20:14:05.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45181 (GCVE-0-2024-45181)
Vulnerability from cvelistv5 – Published: 2024-09-12 00:00 – Updated: 2024-09-12 19:49
VLAI
Summary
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
2 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wibu:wibukey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wibukey",
"vendor": "wibu",
"versions": [
{
"lessThan": "6.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:41:43.007669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:49:11.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:23:55.651Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://wibu.com"
},
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45181",
"datePublished": "2024-09-12T00:00:00.000Z",
"dateReserved": "2024-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-12T19:49:11.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3935 (GCVE-0-2023-3935)
Vulnerability from cvelistv5 – Published: 2023-09-13 13:19 – Updated: 2025-08-27 20:32
VLAI
Title
Wibu: Buffer Overflow in CodeMeter Runtime
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wibu | CodeMeter Runtime |
Affected:
0.0 , ≤ 7.60b
(custom)
|
|
| Wibu | CodeMeter Runtime |
Unaffected:
7.21g
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:55.835781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:53.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"lessThanOrEqual": "7.60b",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "unaffected",
"version": "7.21g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T07:00:20.911Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"source": {
"defect": [
"CERT@VDE#64566"
],
"discovery": "UNKNOWN"
},
"title": "Wibu: Buffer Overflow in CodeMeter Runtime",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3935",
"datePublished": "2023-09-13T13:19:18.392Z",
"dateReserved": "2023-07-25T13:02:40.206Z",
"dateUpdated": "2025-08-27T20:32:53.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-37017 (GCVE-0-2020-37017)
Vulnerability from nvd – Published: 2026-01-29 14:28 – Updated: 2026-03-05 01:27 Disputed
VLAI
Title
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path
Summary
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48735 | exploit |
| https://www.wibu.com/us/products/codemeter/runtime.html | product |
| https://www.vulncheck.com/advisories/codemeter-co… | third-party-advisory |
Date Public
2020-08-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37017",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T15:06:31.083844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T15:07:09.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"status": "affected",
"version": "6.60"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:6.60:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2020-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.\u003c/p\u003e"
}
],
"value": "CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:27.506Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48735",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48735"
},
{
"name": "CodeMeter Runtime Product Homepage",
"tags": [
"product"
],
"url": "https://www.wibu.com/us/products/codemeter/runtime.html"
},
{
"name": "VulnCheck Advisory: CodeMeter 6.60 - \u0027CodeMeter.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/codemeter-codemeterexe-unquoted-service-path"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"disputed"
],
"title": "CodeMeter 6.60 - \u0027CodeMeter.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37017",
"datePublished": "2026-01-29T14:28:33.069Z",
"dateReserved": "2026-01-28T18:18:30.521Z",
"dateUpdated": "2026-03-05T01:27:27.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47810 (GCVE-0-2021-47810)
Vulnerability from nvd – Published: 2026-01-15 23:25 – Updated: 2026-03-05 01:28
VLAI
Title
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
Summary
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49999 | exploit |
| https://www.wibu.com | product |
| https://www.wibu.com/us/support/user/downloads-us… | product |
| https://www.vulncheck.com/advisories/wibukey-runt… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wibu | WibuKey Runtime |
Affected:
6.51
|
Date Public
2021-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:05:41.513013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:11:21.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49999"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WibuKey Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "affected",
"version": "6.51"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:wibukey:6.51:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Rodriguez"
}
],
"datePublic": "2021-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in \u0027C:\\PROGRAM FILES (X86)\\WIBUKEY\\SERVER\\WkSvW32.exe\u0027 to inject malicious executables and escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:41.910Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49999",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49999"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.wibu.com"
},
{
"name": "Software Download Page",
"tags": [
"product"
],
"url": "https://www.wibu.com/us/support/user/downloads-user-software.html"
},
{
"name": "VulnCheck Advisory: WibuKey Runtime 6.51 - \u0027WkSvW32.exe\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wibukey-runtime-wksvwexe-unquoted-service-path"
}
],
"title": "WibuKey Runtime 6.51 - \u0027WkSvW32.exe\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47810",
"datePublished": "2026-01-15T23:25:53.004Z",
"dateReserved": "2026-01-14T17:11:19.893Z",
"dateUpdated": "2026-03-05T01:28:41.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47809 (GCVE-0-2025-47809)
Vulnerability from nvd – Published: 2025-05-16 00:00 – Updated: 2025-05-16 13:36
VLAI
Summary
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-272 - Least Privilege Violation
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:35:54.604112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:00.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter",
"vendor": "Wibu",
"versions": [
{
"lessThan": "8.30a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T00:18:40.444Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.wibu.com/support/security-advisories/wibu-100120.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-47809",
"datePublished": "2025-05-16T00:00:00.000Z",
"dateReserved": "2025-05-10T00:00:00.000Z",
"dateUpdated": "2025-05-16T13:36:00.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45182 (GCVE-0-2024-45182)
Vulnerability from nvd – Published: 2024-09-12 00:00 – Updated: 2024-10-29 20:14
VLAI
Summary
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
2 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wibu:wibukey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wibukey",
"vendor": "wibu",
"versions": [
{
"lessThan": "6.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:36:05.663302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:14:05.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:24:54.445Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://wibu.com"
},
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45182",
"datePublished": "2024-09-12T00:00:00.000Z",
"dateReserved": "2024-08-22T00:00:00.000Z",
"dateUpdated": "2024-10-29T20:14:05.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45181 (GCVE-0-2024-45181)
Vulnerability from nvd – Published: 2024-09-12 00:00 – Updated: 2024-09-12 19:49
VLAI
Summary
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
2 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wibu:wibukey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wibukey",
"vendor": "wibu",
"versions": [
{
"lessThan": "6.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:41:43.007669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:49:11.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:23:55.651Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://wibu.com"
},
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45181",
"datePublished": "2024-09-12T00:00:00.000Z",
"dateReserved": "2024-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-12T19:49:11.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3935 (GCVE-0-2023-3935)
Vulnerability from nvd – Published: 2023-09-13 13:19 – Updated: 2025-08-27 20:32
VLAI
Title
Wibu: Buffer Overflow in CodeMeter Runtime
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Wibu | CodeMeter Runtime |
Affected:
0.0 , ≤ 7.60b
(custom)
|
|
| Wibu | CodeMeter Runtime |
Unaffected:
7.21g
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:55.835781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:53.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"lessThanOrEqual": "7.60b",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "unaffected",
"version": "7.21g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T07:00:20.911Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"source": {
"defect": [
"CERT@VDE#64566"
],
"discovery": "UNKNOWN"
},
"title": "Wibu: Buffer Overflow in CodeMeter Runtime",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3935",
"datePublished": "2023-09-13T13:19:18.392Z",
"dateReserved": "2023-07-25T13:02:40.206Z",
"dateUpdated": "2025-08-27T20:32:53.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202309-0672
Vulnerability from variot - Updated: 2024-01-29 15:51A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants.
Siemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tubedesign",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "activation wizard",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.6"
},
{
"model": "fl network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "7.0"
},
{
"model": "trutops mark 3d",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.01"
},
{
"model": "trutopsprint",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutopsboost",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.00.23.00"
},
{
"model": "trutopsfab",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "15.00.23.00"
},
{
"model": "tops unfold",
"scope": "eq",
"trust": 1.0,
"vendor": "trumpf",
"version": "05.03.00.00"
},
{
"model": "teczonebend",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "18.02.r8"
},
{
"model": "iol-conf",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "trumpflicenseexpert",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.11.1"
},
{
"model": "programmingtube",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.1"
},
{
"model": "programmingtube",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "4.6.3"
},
{
"model": "trutops mark 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutopsfab storage smallstore",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.20"
},
{
"model": "trutopsweld",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "9.0.28148.1"
},
{
"model": "trutops cell sw48",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutopsfab storage smallstore",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "20.04.20.00"
},
{
"model": "module type package designer",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "trutopsboost",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "16.0.22"
},
{
"model": "e-mobility charging suite",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.7.0"
},
{
"model": "module type package designer",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.2.0"
},
{
"model": "trutopsfab",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.8.25"
},
{
"model": "trutops cell sw48",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "02.26.0"
},
{
"model": "trutops cell classic",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "09.09.02"
},
{
"model": "oseon",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "3.0.22"
},
{
"model": "tubedesign",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.150"
},
{
"model": "trutopsweld",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "7.0.198.241"
},
{
"model": "trumpflicenseexpert",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.5.2"
},
{
"model": "trutops",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "topscalculation",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.00.00"
},
{
"model": "trutops",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "12.01.00.00"
},
{
"model": "trutopsprint",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "00.06.00"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.60c"
},
{
"model": "topscalculation",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.00"
},
{
"model": "trutopsprintmultilaserassistant",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.02"
},
{
"model": "plcnext engineer",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "2023.6"
},
{
"model": "oseon",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.0"
},
{
"model": "teczonebend",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "23.06.01"
},
{
"model": "trutopsweld",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "programmingtube",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "codemeter runtime",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "trutopsboost",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprintmultilaserassistant",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsprint",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "oseon",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell sw48",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tops unfold",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops mark 3d",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutopsfab storage smallstore",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "tubedesign",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trumpflicenseexpert",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "topscalculation",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "teczonebend",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "trutops cell classic",
"scope": null,
"trust": 0.8,
"vendor": "trumpf",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.17"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.18"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v14\u003cv14.2023-08-23"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v15\u003cv15.0.22"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v34\u003cv34.9.6"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.0"
},
{
"model": "pss odms",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13.1\u003cv13.1.12.1"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4"
},
{
"model": "simatic wincc oa p006",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v3.19\u003cv3.19"
},
{
"model": "pss e",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v35"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.60c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.06.150",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.28148.1",
"versionStartIncluding": "7.0.198.241",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "01.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "01.00",
"versionStartIncluding": "00.06.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06.01",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.04.20.00",
"versionStartIncluding": "14.06.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22.8.25",
"versionStartIncluding": "15.00.23.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "02.26.0",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "09.09.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.22",
"versionStartIncluding": "06.00.23.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.01.00.00",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22.00.00",
"versionStartIncluding": "14.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "23.06.01",
"versionStartIncluding": "18.02.r8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2023.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"cve": "CVE-2023-3935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2023-69811",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-012536",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "info@cert.vde.com",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-3935",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-012536",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Wibu-Systems AG of CodeMeter Runtime Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PSS(R)CAPE is a transmission and distribution network protection simulation software. PSS(R)E is a power system simulation and analysis tool for transmission operation and planning. PSS(R)ODMS is a CIM-based network model management tool with network analysis capabilities for planning and operational planning of transmission utilities. SIMATIC PCS neo is a distributed control system (DCS). SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications requiring a high degree of customer-specific adaptability, large or complex applications, and projects that impose specific system requirements or functionality. SIMIT Simulation Platform allows simulating factory settings to predict failures at an early planning stage. SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. SINEMA Remote Connect is a management platform for remote networks that allows simple management of tunnel connections (VPN) between headquarters, service technicians and installed machines or plants. \n\r\n\r\nSiemens Industrial product WIBU system CodeMeter has a heap buffer overflow vulnerability, which is caused by failure to perform correct boundary checks. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-3935",
"trust": 3.3
},
{
"db": "CERT@VDE",
"id": "VDE-2023-031",
"trust": 1.9
},
{
"db": "CERT@VDE",
"id": "VDE-2023-030",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92008538",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98137233",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-004-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-03",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-257-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-240541",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2023-69811",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-3935",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"id": "VAR-202309-0672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
],
"trust": 1.1424276933333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"last_update_date": "2024-01-29T15:51:24.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens Industrial product WIBU system CodeMeter heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/460931"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf"
},
{
"trust": 1.9,
"url": "https://cert.vde.com/en/advisories/vde-2023-031/"
},
{
"trust": 1.8,
"url": "https://cert.vde.com/en/advisories/vde-2023-030/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98137233/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92008538/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3935"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-004-01"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-240541.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2023-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2023-09-13T14:15:09.147000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-69811"
},
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3935"
},
{
"date": "2024-01-09T02:47:00",
"db": "JVNDB",
"id": "JVNDB-2023-012536"
},
{
"date": "2024-01-25T20:24:58.783000",
"db": "NVD",
"id": "CVE-2023-3935"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems\u00a0AG\u00a0 of \u00a0CodeMeter\u00a0Runtime\u00a0 Out-of-bounds write vulnerability in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012536"
}
],
"trust": 0.8
}
}
VAR-201411-0382
Vulnerability from variot - Updated: 2023-12-18 13:57Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions
Vendor Website : http://www.codemeter.com
INDEX
1. Background
2. Description
3. Affected Products
4. Solution
6. Credit
7. Disclosure Timeline
8. CVE
1. BACKGROUND
CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products.
2. DESCRIPTION
When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named "codemeter.exe". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.
It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20).
3. AFFECTED PRODUCTS
Only the following versions have been confirmed vulnerable:
CodeMeter Runtime 4.50b
CodeMeter Runtime 4.40
CodeMeter Runtime 4.20b
4. VULNERABILITIES
4.1 codemeter.exe
5. SOLUTION
Vendor contacted and approved for disclosure as most recent version is not vulnerable.
6. CREDIT
This vulnerability was discovered by Andrew Smith and Matt Smith of Sword & Shield Enterprise Security.
7. DISCLOSURE TIMELINE
7-16-2014 - Vulnerability Discovered
8-11-2014 - Vendor Informed
11-20-2014 - Public Disclosure
8. CVE
CVE-2014-8419
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "wibu",
"version": "5.10c"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 0.8,
"vendor": "wibu",
"version": "5.20"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.6,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "wibu",
"version": "5.10c"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "4.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codemeter runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.10c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8419"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security",
"sources": [
{
"db": "BID",
"id": "71264"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-8419",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-08518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a04f2417-b6da-40e8-aac7-926846407d0e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8419",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-08518",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. CodeMeter has a local privilege escalation vulnerability that can be exploited by local attackers to enforce arbitrary code with system privileges. CodeMeter is prone to a local privilege-escalation vulnerability. CodeMeter Weak Service Permissions\n\nVendor Website : http://www.codemeter.com\n\n INDEX\n---------------------------------------\n 1. Background\n 2. Description\n 3. Affected Products\n 4. Solution\n 6. Credit\n 7. Disclosure Timeline\n 8. CVE\n\n1. BACKGROUND\n---------------------------------------\n CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple open-source products. \n\n2. DESCRIPTION\n---------------------------------------\n\n When the CodeMeter runtime is installed on a Microsoft Windows operating system, it creates a service named \"codemeter.exe\". When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. \n\n It should be noted that this vulnerability is not present in the most recent version of Codemeter runtime (currently 5.20). \n\n\n3. AFFECTED PRODUCTS\n---------------------------------------\n Only the following versions have been confirmed vulnerable: \n\n CodeMeter Runtime 4.50b\n CodeMeter Runtime 4.40\n CodeMeter Runtime 4.20b\n\n \n4. VULNERABILITIES\n---------------------------------------\n\n 4.1 codemeter.exe\n\n\n5. SOLUTION\n---------------------------------------\n Vendor contacted and approved for disclosure as most recent version is not vulnerable. \n\n\n6. CREDIT\n---------------------------------------\n This vulnerability was discovered by Andrew Smith and Matt Smith of Sword \u0026 Shield Enterprise Security. \n\n\n7. DISCLOSURE TIMELINE\n---------------------------------------\n 7-16-2014 - Vulnerability Discovered\n 8-11-2014 - Vendor Informed\n 11-20-2014 - Public Disclosure\n\n\n8. CVE\n---------------------------------------\n CVE-2014-8419\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "PACKETSTORM",
"id": "129234"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8419",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "129234",
"trust": 2.5
},
{
"db": "BID",
"id": "71264",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-08518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669",
"trust": 0.8
},
{
"db": "IVD",
"id": "A04F2417-B6DA-40E8-AAC7-926846407D0E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"id": "VAR-201411-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
],
"trust": 1.3009009
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
]
},
"last_update_date": "2023-12-18T13:57:42.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wibu.com/en/home.html"
},
{
"title": "Patch for Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52128"
},
{
"title": "CodeMeter-5.20.1471-504.i386",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52558"
},
{
"title": "CmRuntimeUser_5.20.1471.504",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52557"
},
{
"title": "CodeMeterRuntime-5.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52556"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/129234/codemeter-weak-service-permissions.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/534079/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8419"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71264"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534079/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.wibu.com/en/codemeter.html"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/nov/124"
},
{
"trust": 0.1,
"url": "http://www.codemeter.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8419"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"db": "BID",
"id": "71264"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-26T00:00:00",
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71264"
},
{
"date": "2014-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"date": "2014-11-24T10:32:22",
"db": "PACKETSTORM",
"id": "129234"
},
{
"date": "2014-11-26T15:59:06.107000",
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08518"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71264"
},
{
"date": "2014-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005669"
},
{
"date": "2018-10-09T19:54:15.713000",
"db": "NVD",
"id": "CVE-2014-8419"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71264"
},
{
"db": "PACKETSTORM",
"id": "129234"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a04f2417-b6da-40e8-aac7-926846407d0e"
},
{
"db": "CNVD",
"id": "CNVD-2014-08518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-502"
}
],
"trust": 0.6
}
}
VAR-201201-0168
Vulnerability from variot - Updated: 2023-12-18 13:49Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Wibu-Systems CodeMeter versions prior to 4.40 are affected. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: CodeMeter Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47497
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
RELEASE DATE: 2012-01-12
DISCUSS ADVISORY: http://secunia.com/advisories/47497/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47497/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47497
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in CodeMeter, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error. No further information is currently available.
SOLUTION: Update to version 4.40.
ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN78901873/index.html http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "wibu",
"version": "4.10b"
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "wibu",
"version": "4.20a"
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "wibu",
"version": "4.30c"
},
{
"model": "codemeter runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "wibu",
"version": "4.30d"
},
{
"model": "codemeter 4.30c",
"scope": null,
"trust": 0.9,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter 4.30d",
"scope": null,
"trust": 0.9,
"vendor": "wibu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "accessdata",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guidance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "prior to v4.40"
},
{
"model": "codemeter runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "wibu",
"version": "4.30d"
},
{
"model": "codemeter",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "4.40"
},
{
"model": "4.10b",
"scope": null,
"trust": 0.2,
"vendor": "codemeter runtime",
"version": null
},
{
"model": "4.20a",
"scope": null,
"trust": 0.2,
"vendor": "codemeter runtime",
"version": null
},
{
"model": "4.30c",
"scope": null,
"trust": 0.2,
"vendor": "codemeter runtime",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codemeter runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "BID",
"id": "51382"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.10b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.30d",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.20a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:4.30c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4057"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C.",
"sources": [
{
"db": "BID",
"id": "51382"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2012-000003",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4057",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#659515",
"trust": 0.8,
"value": "0.14"
},
{
"author": "IPA",
"id": "JVNDB-2012-000003",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-144",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service (DoS). Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may be able to cause a denial-of-service (DoS). The Wibu-Systems CodeMeter dongle provides secure hardware based software and digital content protection and effective license management. Wibu-Systems CodeMeter has problems handling special TCP packets. Wibu-Systems CodeMeter is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. \nWibu-Systems CodeMeter versions prior to 4.40 are affected. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCodeMeter Unspecified Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47497\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47497/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497\n\nRELEASE DATE:\n2012-01-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47497/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47497/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in CodeMeter, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nSOLUTION:\nUpdate to version 4.40. \n\nORIGINAL ADVISORY:\nJVN:\nhttp://jvn.jp/en/jp/JVN78901873/index.html\nhttp://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000003.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "BID",
"id": "51382"
},
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "PACKETSTORM",
"id": "108606"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN78901873",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2011-4057",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#659515",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003",
"trust": 2.5
},
{
"db": "BID",
"id": "51382",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "47497",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "78223",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2012-0112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#78901873",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18465",
"trust": 0.6
},
{
"db": "IVD",
"id": "8204C04D-8A3B-44D1-BE27-ACD6E2404C70",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "108606",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "BID",
"id": "51382"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "PACKETSTORM",
"id": "108606"
},
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"id": "VAR-201201-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
}
],
"trust": 1.3009009
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
}
]
},
"last_update_date": "2023-12-18T13:49:10.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Support \u0026 Downloads - User Software",
"trust": 0.8,
"url": "http://www.wibu.com/downloads-user-software.html"
},
{
"title": "Wibu-Systems CodeMeter TCP packet denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/7391"
},
{
"title": "codemeter_4.40.687.500_i386",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42434"
},
{
"title": "CmRuntimeUser_4.40.687.500",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42433"
},
{
"title": "CodeMeterRuntime32",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42432"
},
{
"title": "codemeter_4.40-sol-SPARC.tar",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42435"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "http://jvn.jp/en/jp/jvn78901873/index.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/659515"
},
{
"trust": 1.6,
"url": "http://www.wibu.com/en/anwendersoftware.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2012/jvndb-2012-000003.html"
},
{
"trust": 1.6,
"url": "http://osvdb.org/78223"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47497"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/mapg-8mynfl"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51382"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4057"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4057"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18465"
},
{
"trust": 0.3,
"url": "http://www.wibu.com/en/codemeter.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47497"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47497/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000003.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47497/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "BID",
"id": "51382"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "PACKETSTORM",
"id": "108606"
},
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CERT/CC",
"id": "VU#659515"
},
{
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"db": "BID",
"id": "51382"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"db": "PACKETSTORM",
"id": "108606"
},
{
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-13T00:00:00",
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"date": "2012-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#659515"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"date": "2012-01-11T00:00:00",
"db": "BID",
"id": "51382"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"date": "2012-01-12T05:04:03",
"db": "PACKETSTORM",
"id": "108606"
},
{
"date": "2012-01-13T18:55:03.767000",
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-16T00:00:00",
"db": "CERT/CC",
"id": "VU#659515"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0112"
},
{
"date": "2012-01-11T00:00:00",
"db": "BID",
"id": "51382"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000003"
},
{
"date": "2012-01-16T05:00:00",
"db": "NVD",
"id": "CVE-2011-4057"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter remote denial of service vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#659515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "8204c04d-8a3b-44d1-be27-acd6e2404c70"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-144"
}
],
"trust": 0.8
}
}
VAR-201709-1051
Vulnerability from variot - Updated: 2023-12-18 13:02Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. Wibu-Systems CodeMeter Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Wibu-Systems CodeMeter is a suite of anti-piracy protection products from Wibu-Systems, Germany for software protection against piracy and unsecure software. The product uses encryption technology and a small USB hardware device, CmStick, which has a 128KB secure amount of SmartCard chip for storing license and license related data. Wibu-Systems CodeMeter is prone to a cross-site scripting vulnerability because it fails to properly handle user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to CodeMeter 6.50b are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lte",
"trust": 1.0,
"vendor": "wibu",
"version": "6.50a"
},
{
"model": "codemeter",
"scope": "lt",
"trust": 0.8,
"vendor": "wibu",
"version": "6.50b"
},
{
"model": "codemeter \u003c6.50b",
"scope": null,
"trust": 0.6,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.6,
"vendor": "wibu",
"version": "6.50a"
},
{
"model": "codemeter 6.50a",
"scope": null,
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter 4.50b",
"scope": null,
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "4.40"
},
{
"model": "codemeter 4.30d",
"scope": null,
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter 4.30c",
"scope": null,
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter 4.20b",
"scope": null,
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": "automation studio view designer",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "50000"
},
{
"model": "automation studio logix emulate",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "50000"
},
{
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "50000"
},
{
"model": "automation studio architect",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "50000"
},
{
"model": "automation softlogix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "58000"
},
{
"model": "automation rsview32",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation rslogix5",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation rslogix emulate",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "50000"
},
{
"model": "automation rslogix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5000"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation rsfieldbus",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk viewpoint",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk view site edition",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk view machine edition",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk vantagepoint",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk transaction manager",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk information server",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk historian site edition",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk historian classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk eprocedure",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk energymetrix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk batch",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk assetcentre",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation factorytalk activation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "4.01"
},
{
"model": "automation factorytalk activation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "4.00"
},
{
"model": "automation factorytalk activation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "3.40"
},
{
"model": "automation emonitor",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation arena",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "rsnetworx",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "0"
},
{
"model": "automation rslogix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "50000"
},
{
"model": "codemeter 6.50b",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "codemeter",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "BID",
"id": "104433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.50a",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation",
"sources": [
{
"db": "BID",
"id": "104433"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-13754",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-32459",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-13754",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13754",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-32459",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-058",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the \"advanced settings - time server\" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the \"server name\" field in actions/ChangeConfiguration.html. Wibu-Systems CodeMeter Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Wibu-Systems CodeMeter is a suite of anti-piracy protection products from Wibu-Systems, Germany for software protection against piracy and unsecure software. The product uses encryption technology and a small USB hardware device, CmStick, which has a 128KB secure amount of SmartCard chip for storing license and license related data. Wibu-Systems CodeMeter is prone to a cross-site scripting vulnerability because it fails to properly handle user-supplied input. \nAn attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to CodeMeter 6.50b are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "BID",
"id": "104433"
},
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13754",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-102-02",
"trust": 2.1
},
{
"db": "BID",
"id": "104433",
"trust": 1.3
},
{
"db": "EXPLOIT-DB",
"id": "42610",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2017-32459",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768",
"trust": 0.8
},
{
"db": "EXPLOITDB",
"id": "42610",
"trust": 0.6
},
{
"db": "IVD",
"id": "05BED560-8AA3-476D-A0CB-40B1FDD83A18",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "BID",
"id": "104433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"id": "VAR-201709-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
}
],
"trust": 1.4973257628571428
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
}
]
},
"last_update_date": "2023-12-18T13:02:53.773000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "http://www.wibu.com/codemeter.html"
},
{
"title": "Patch for Wibu-Systems CodeMeter Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/105240"
},
{
"title": "Wibu-Systems CodeMeter Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74525"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.vulnerability-lab.com/get_content.php?id=2074"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2017/sep/1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13754"
},
{
"trust": 1.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-102-02"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/541119/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/104433"
},
{
"trust": 1.0,
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/42610/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13754"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-102-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/541119/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.rockwellautomation.com/"
},
{
"trust": 0.3,
"url": "http://www.wibu.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "BID",
"id": "104433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "BID",
"id": "104433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"date": "2018-05-10T00:00:00",
"db": "BID",
"id": "104433"
},
{
"date": "2017-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"date": "2017-09-07T13:29:00.620000",
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"date": "2018-05-10T00:00:00",
"db": "BID",
"id": "104433"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007768"
},
{
"date": "2018-10-09T20:01:02.790000",
"db": "NVD",
"id": "CVE-2017-13754"
},
{
"date": "2017-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "05bed560-8aa3-476d-a0cb-40b1fdd83a18"
},
{
"db": "CNVD",
"id": "CNVD-2017-32459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-058"
}
],
"trust": 0.6
}
}
VAR-201902-0658
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0658",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wibukey",
"scope": "eq",
"trust": 1.0,
"vendor": "wibu",
"version": "6.40"
},
{
"model": "wibukey",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.40 (build 2400)"
},
{
"model": "ag wibukey",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "0"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2307.20"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2300"
},
{
"model": "ag wibukey",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "6.50"
}
],
"sources": [
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3989",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3989",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "VULMON",
"id": "CVE-2018-3989"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3989",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0657",
"trust": 2.5
},
{
"db": "BID",
"id": "107005",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-03",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-844562",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-902727",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-760124",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0445.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"id": "VAR-201902-0658",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5969863
},
"last_update_date": "2023-12-18T12:28:31.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WibuKey",
"trust": 0.8,
"url": "https://www.wibu.com/products/wibukey.html"
},
{
"title": "Wibu-Systems WibuKey Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88048"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/107005"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0657"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3989"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.9,
"url": "https://www.wibu.com/products.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3989"
},
{
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75498"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2019-02-05T23:29:00.310000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2022-04-19T18:15:37.227000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WIBU-SYSTEMS WibuKey.sys Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
}
}
VAR-201902-0660
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0660",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wibukey",
"scope": "eq",
"trust": 1.8,
"vendor": "wibu",
"version": "6.40.2402.500"
},
{
"model": "simatic wincc open architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.15"
},
{
"model": "simatic wincc open architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.14"
},
{
"model": "simatic wincc open architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.16"
},
{
"model": "simatic wincc open architecture",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ag wibukey",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "0"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2307.20"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2300"
},
{
"model": "ag wibukey",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "6.50"
}
],
"sources": [
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3991"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3991",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-134022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3991",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3991",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3991",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-866",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-134022",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-3991",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "VULMON",
"id": "CVE-2018-3991"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3991",
"trust": 2.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0659",
"trust": 2.6
},
{
"db": "BID",
"id": "107005",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-760124",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-844562",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-902727",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-03",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0445.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134022",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-3991",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"id": "VAR-201902-0660",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-134022"
}
],
"trust": 0.6727987
},
"last_update_date": "2023-12-18T12:28:31.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-844562",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"title": "SSA-760124:",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"title": "WibuKey",
"trust": 0.8,
"url": "https://www.wibu.com/products/wibukey.html"
},
{
"title": "Wibu-Systems WibuKey server management Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88046"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/107005"
},
{
"trust": 2.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0659"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3991"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.9,
"url": "https://www.wibu.com/products.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3991"
},
{
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75498"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-134022"
},
{
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-134022"
},
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"date": "2019-02-05T23:29:00.387000",
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-134022"
},
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3991"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014512"
},
{
"date": "2022-04-19T18:15:38.397000",
"db": "NVD",
"id": "CVE-2018-3991"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WibuKey Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014512"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-866"
}
],
"trust": 0.6
}
}
VAR-201902-0659
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0659",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wibukey",
"scope": "eq",
"trust": 1.0,
"vendor": "wibu",
"version": "6.40"
},
{
"model": "wibukey",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.40 (build 2400)"
},
{
"model": "ag wibukey",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "0"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2307.20"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2300"
},
{
"model": "ag wibukey",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "6.50"
}
],
"sources": [
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin \u0027Icewall\u0027 Noga of Cisco Talos.,The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-3990",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3990",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3990",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3990",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-865",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-3990",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "VULMON",
"id": "CVE-2018-3990"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3990",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0658",
"trust": 2.5
},
{
"db": "BID",
"id": "107005",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-03",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-844562",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-902727",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-760124",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0445.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-3990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"id": "VAR-201902-0659",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5969863
},
"last_update_date": "2023-12-18T12:28:28.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WibuKey",
"trust": 0.8,
"url": "https://www.wibu.com/products/wibukey.html"
},
{
"title": "Wibu-Systems WibuKey Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88047"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/107005"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0658"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3990"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.9,
"url": "https://www.wibu.com/products.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3990"
},
{
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0658exploitthird party advisory"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75498"
},
{
"trust": 0.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0658"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"date": "2019-02-05T23:29:00.340000",
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3990"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014415"
},
{
"date": "2022-04-19T18:15:37.723000",
"db": "NVD",
"id": "CVE-2018-3990"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WIBU-SYSTEMS WibuKey.sys Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014415"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-865"
}
],
"trust": 0.6
}
}
VAR-202111-0784
Vulnerability from variot - Updated: 2023-12-18 12:16In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pss odms",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "12.2.6.1"
},
{
"model": "pss e",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "35.0.0"
},
{
"model": "sicam 230",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic information server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "simatic information server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.30a"
},
{
"model": "pss e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "35.3.2"
},
{
"model": "pss e",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "34.0.0"
},
{
"model": "simatic process historian",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "simatic wincc oa",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.18"
},
{
"model": "pss e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "34.9.1"
},
{
"model": "simit",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41057"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.30a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_cape:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "34.9.1",
"versionStartIncluding": "34.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "35.3.2",
"versionStartIncluding": "35.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_odms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sicam_230:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_process_historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_oa:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41057"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jok\u016bbas Arsoba reported this vulnerability to Wibu-Systems.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
],
"trust": 0.6
},
"cve": "CVE-2021-41057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-402322",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-41057",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-772",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-402322",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402322"
},
{
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"db": "VULHUB",
"id": "VHN-402322"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41057",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-580693",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.4286",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010503",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-03",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-772",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-402322",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402322"
},
{
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"id": "VAR-202111-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-402322"
}
],
"trust": 0.639684002
},
"last_update_date": "2023-12-18T12:16:10.701000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter Post-link vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170234"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402322"
},
{
"db": "NVD",
"id": "CVE-2021-41057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210910-01.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
},
{
"trust": 1.7,
"url": "https://www.wibu.com/us/support/security-advisories.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41057"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4286"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-wibu-systems-codemeter-runtime-36834"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-03"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010503"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-402322"
},
{
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-402322"
},
{
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-402322"
},
{
"date": "2021-11-14T21:15:07.797000",
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-402322"
},
{
"date": "2021-11-17T18:49:11.867000",
"db": "NVD",
"id": "CVE-2021-41057"
},
{
"date": "2022-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter Post link vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-772"
}
],
"trust": 0.6
}
}
VAR-202106-0817
Vulnerability from variot - Updated: 2023-12-18 11:41A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. Wibu-Systems CodeMeter Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0817",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam 230",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.21a"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.21a"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.21a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sicam_230_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20094"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "reported these vulnerabilities to CISA., Inc.,Tenable",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
}
],
"trust": 0.6
},
"cve": "CVE-2021-20094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20094",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-20094",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20094",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20094",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. Wibu-Systems CodeMeter Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-20094"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20094",
"trust": 3.3
},
{
"db": "TENABLE",
"id": "TRA-2021-24",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-210-02",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-675303",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99583134",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021073002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2575",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202106-0817",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5009009
},
"last_update_date": "2023-12-18T11:41:04.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WIBU-210423-02",
"trust": 0.8,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210423-02.pdf"
},
{
"title": "Wibu-Systems CodeMeter Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155295"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=a38962f28ac4b7e355a2146c756f2b6d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2021-24"
},
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
},
{
"trust": 1.7,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210423-02.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99583134/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20094"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wibu-systems-codemeter-denial-of-service-via-http-35869"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2575"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021073002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-675303.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"date": "2021-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"date": "2021-06-16T12:15:12.073000",
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20094"
},
{
"date": "2023-11-21T01:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-002246"
},
{
"date": "2022-05-13T17:30:28.603000",
"db": "NVD",
"id": "CVE-2021-20094"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1303"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems\u00a0CodeMeter\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002246"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1303"
}
],
"trust": 0.6
}
}
VAR-202009-0303
Vulnerability from variot - Updated: 2023-12-18 11:13CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool.
Many Siemens products have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "process historian",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic pcs neo",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.90",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"cve": "CVE-2020-14515",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14515",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2020-51243",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14515",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14515",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-51243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-488",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. CodeMeter Exists in a digital signature validation vulnerability.Information may be tampered with. Siemens SINEMA Remote Connect is a set of remote network management platform of German Siemens (Siemens) company. The SIMIT Simluation Platform allows simulation of factory settings to predict failures in the early planning stage. SINEC INS is a web-based application that combines various network services in one tool. \n\r\n\r\nMany Siemens products have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14515",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51243",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"id": "VAR-202009-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
],
"trust": 1.3152251339999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
}
]
},
"last_update_date": "2023-12-18T11:13:37.992000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Improper password signature verification vulnerabilities in many Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233341"
},
{
"title": "Wibu-Systems AG CodeMeter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.0
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14515"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"date": "2020-09-16T20:15:13.567000",
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51243"
},
{
"date": "2022-03-15T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2020-011221"
},
{
"date": "2020-09-22T17:56:46.080000",
"db": "NVD",
"id": "CVE-2020-14515"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Digital Signature Verification Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-488"
}
],
"trust": 0.6
}
}
VAR-202009-0319
Vulnerability from variot - Updated: 2023-12-18 11:11CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.81"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
},
{
"model": "process historian",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic pcs neo",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simit simulation platform",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.81",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"cve": "CVE-2020-14513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14513",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51244",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14513",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. CodeMeter Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use vulnerabilities to crash software",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14513",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51244",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"id": "VAR-202009-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
],
"trust": 1.42201570875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
}
]
},
"last_update_date": "2023-12-18T11:11:37.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Improper input verification vulnerabilities in multiple Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233338"
},
{
"title": "ARC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127904"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14513"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2020-09-16T20:15:13.473000",
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51244"
},
{
"date": "2022-03-15T05:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-011220"
},
{
"date": "2020-09-22T17:47:12.067000",
"db": "NVD",
"id": "CVE-2020-14513"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Input confirmation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-483"
}
],
"trust": 0.6
}
}
VAR-202106-0816
Vulnerability from variot - Updated: 2023-12-18 11:11A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. Wibu-Systems CodeMeter Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. CodeMeter is a security tool from WIBU in Germany, which provides integrated technology for software developers and smart device companies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0816",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lte",
"trust": 1.0,
"vendor": "wibu",
"version": "7.21a"
},
{
"model": "simatic process historian",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.18"
},
{
"model": "simit simulation platform",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.3"
},
{
"model": "simatic information server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "simit simulation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "10.3"
},
{
"model": "sinema remote connect server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sicam 230",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic information server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "simit simulation platform",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.17"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic process historian",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"model": "sinec infrastructure network services",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1"
},
{
"model": "simatic process historian",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "simatic pcs neo",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "pss cape",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.21a"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.21a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sicam_230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20093"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "reported these vulnerabilities to CISA., Inc.,Tenable",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
}
],
"trust": 0.6
},
"cve": "CVE-2021-20093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-20093",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-377769",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-20093",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20093",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1297",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-377769",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20093",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions \u003c 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. Wibu-Systems CodeMeter Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. CodeMeter is a security tool from WIBU in Germany, which provides integrated technology for software developers and smart device companies",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "VULMON",
"id": "CVE-2021-20093"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20093",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2021-24",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-210-02",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-675303",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99583134",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021073002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2575",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-377769",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-20093",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202106-0816",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377769"
}
],
"trust": 0.730160188
},
"last_update_date": "2023-12-18T11:11:09.893000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WIBU-210423-01",
"trust": 0.8,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210423-01.pdf"
},
{
"title": "Wibu-Systems CodeMeter Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155294"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=a38962f28ac4b7e355a2146c756f2b6d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.tenable.com/security/research/tra-2021-24"
},
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
},
{
"trust": 1.8,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisory_wibu-210423-01.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99583134/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20093"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wibu-systems-codemeter-buffer-overflow-35870"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2575"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021073002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-675303.txt"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377769"
},
{
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-377769"
},
{
"date": "2021-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"date": "2021-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"date": "2021-06-16T12:15:12.037000",
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377769"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20093"
},
{
"date": "2023-11-21T01:44:00",
"db": "JVNDB",
"id": "JVNDB-2021-002247"
},
{
"date": "2022-10-06T17:43:33.530000",
"db": "NVD",
"id": "CVE-2021-20093"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1297"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems\u00a0CodeMeter\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1297"
}
],
"trust": 0.6
}
}
VAR-202009-0596
Vulnerability from variot - Updated: 2023-12-18 11:03An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. CodeMeter Is vulnerable to an improper shutdown and release of resources.Information may be obtained. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.10"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.10"
},
{
"model": "information server sp1",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.17"
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16233"
}
]
},
"cve": "CVE-2020-16233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-16233",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51240",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-16233",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16233",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-51240",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-482",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. CodeMeter Is vulnerable to an improper shutdown and release of resources.Information may be obtained. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "CNVD",
"id": "CNVD-2020-51240"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16233",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51240",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"id": "VAR-202009-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
}
],
"trust": 1.3399059128571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
}
]
},
"last_update_date": "2023-12-18T11:03:20.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Various Siemens products release improper loopholes",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233350"
},
{
"title": "ARC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127903"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-404",
"trust": 1.0
},
{
"problemtype": "Improper shutdown and release of resources (CWE-404) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16233"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"date": "2020-09-16T20:15:13.817000",
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51240"
},
{
"date": "2022-03-11T06:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-011224"
},
{
"date": "2020-09-18T16:11:42.850000",
"db": "NVD",
"id": "CVE-2020-16233"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Improper Resource Shutdown and Release Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-482"
}
],
"trust": 0.6
}
}
VAR-202009-1544
Vulnerability from variot - Updated: 2023-12-18 10:57Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. CodeMeter Contains a cryptographic vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have security vulnerabilities. Attackers can use the vulnerability to communicate with CodeMeter API remotely
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1544",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.90"
},
{
"model": "information server sp1",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.17"
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.90",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14517"
}
]
},
"cve": "CVE-2020-14517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-14517",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51242",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14517",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14517",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-51242",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-489",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. CodeMeter Contains a cryptographic vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use the vulnerability to communicate with CodeMeter API remotely",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "CNVD",
"id": "CNVD-2020-51242"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14517",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51242",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"id": "VAR-202009-1544",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
}
],
"trust": 1.3399059128571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
}
]
},
"last_update_date": "2023-12-18T10:57:30.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Vulnerabilities in insufficient encryption strength of many Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233344"
},
{
"title": "ARC and MATIO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Inadequate encryption strength (CWE-326) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14517"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"date": "2020-09-16T20:15:13.647000",
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51242"
},
{
"date": "2022-03-15T05:10:00",
"db": "JVNDB",
"id": "JVNDB-2020-011222"
},
{
"date": "2021-11-04T18:15:08.017000",
"db": "NVD",
"id": "CVE-2020-14517"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Vulnerability in cryptography",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011222"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-489"
}
],
"trust": 0.6
}
}
VAR-202009-1545
Vulnerability from variot - Updated: 2023-12-18 10:56Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. CodeMeter There is a vulnerability in accessing the buffer with an improper length value.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants.
Many Siemens products have memory corruption vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1545",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.10"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.10"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "information server sp1",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=2019"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.17"
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.04"
},
{
"model": "sppa-s2000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.06"
},
{
"model": "sppa-t3000 r8.2 sp2",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sppa-s3000",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14509"
}
]
},
"cve": "CVE-2020-14509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-14509",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51245",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14509",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14509",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-51245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-491",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-14509",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. CodeMeter There is a vulnerability in accessing the buffer with an improper length value.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. SPPA-S2000 simulates the automation component (S7) of the nuclear DCS system SPPA-T2000. SPPA-S3000 simulates the automation components of DCS system SPPA-T3000. SPPA-T3000 is a distributed control system, mainly used in fossil and large renewable energy power plants. \n\r\n\r\nMany Siemens products have memory corruption vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14509",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-14509",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"id": "VAR-202009-1545",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
}
],
"trust": 1.3399059128571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
}
]
},
"last_update_date": "2023-12-18T10:56:30.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Memory corruption vulnerabilities in many Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233335"
},
{
"title": "ARC and MATIO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127912"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6161645a91c3d669954a802b5a5a2baf"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/severe-industrial-bugs-takeover-critical-systems/159068/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Accessing the buffer with improper length values (CWE-805) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14509"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/805.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187940"
},
{
"trust": 0.1,
"url": "https://threatpost.com/severe-industrial-bugs-takeover-critical-systems/159068/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"date": "2020-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"date": "2020-09-16T20:15:13.380000",
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51245"
},
{
"date": "2020-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14509"
},
{
"date": "2022-03-15T05:02:00",
"db": "JVNDB",
"id": "JVNDB-2020-011219"
},
{
"date": "2021-11-04T18:22:07.627000",
"db": "NVD",
"id": "CVE-2020-14509"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Vulnerability in accessing buffers with improper length values in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-491"
}
],
"trust": 0.6
}
}
VAR-202009-0304
Vulnerability from variot - Updated: 2023-12-18 10:56This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. CodeMeter Exists in a vulnerability related to same-origin policy violations.Information may be tampered with. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool.
Many Siemens products have security vulnerabilities. Attackers can use vulnerabilities to change or create license files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.00"
},
{
"model": "codemeter",
"scope": null,
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "7.00"
},
{
"model": "codemeter",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"cve": "CVE-2020-14519",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14519",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51241",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-14519",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14519",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-51241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-486",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. CodeMeter Exists in a vulnerability related to same-origin policy violations.Information may be tampered with. Siemens SIMATIC WinCC OA (Open Architecture) is a set of SCADA system of Siemens (Siemens), Germany, and it is also an integral part of HMI series. The system is mainly suitable for industries such as rail transit, building automation and public power supply. Information Server is used to report and visualize the process data stored in the Process Historian. SINEC INS is a web-based application that combines various network services in one tool. \n\r\n\r\nMany Siemens products have security vulnerabilities. Attackers can use vulnerabilities to change or create license files",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14519",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-203-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU90770748",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94568336",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-455843",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-51241",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3076",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"id": "VAR-202009-0304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
],
"trust": 1.06346013
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
}
]
},
"last_update_date": "2023-12-18T10:56:21.427000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CodeMeter",
"trust": 0.8,
"url": "https://www.wibu.com/products/codemeter.html"
},
{
"title": "Patch for Multiple Siemens products verification error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/233347"
},
{
"title": "Wibu-Systems AG CodeMeter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127907"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-346",
"trust": 1.0
},
{
"problemtype": "Same-origin policy violation (CWE-346) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14519"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94568336/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90770748/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-six-vulnerabilities-via-wibu-systems-codemeter-runtime-33282"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3076/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"date": "2020-09-16T20:15:13.723000",
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51241"
},
{
"date": "2022-03-15T05:12:00",
"db": "JVNDB",
"id": "JVNDB-2020-011223"
},
{
"date": "2020-09-22T18:07:41.903000",
"db": "NVD",
"id": "CVE-2020-14519"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CodeMeter\u00a0 Vulnerability regarding same-origin policy violation in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-486"
}
],
"trust": 0.6
}
}
VAR-202309-0673
Vulnerability from variot - Updated: 2023-09-21 22:24A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trutopsboost",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.00.23.00"
},
{
"model": "teczonebend",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "18.02.r8"
},
{
"model": "trutops cell sw48",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "02.26.0"
},
{
"model": "topscalculation",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.00"
},
{
"model": "trutops cell classic",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "09.09.02"
},
{
"model": "teczonebend",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "23.06.01"
},
{
"model": "trutops cell sw48",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trumpflicenseexpert",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.5.2"
},
{
"model": "trutopsfab storage smallstore",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "20.04.20.00"
},
{
"model": "programmingtube",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "4.6.3"
},
{
"model": "trutopsprintmultilaserassistant",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.02"
},
{
"model": "trutopsfab storage smallstore",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.20"
},
{
"model": "trutopsweld",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "7.0.198.241"
},
{
"model": "trutopsprint",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "00.06.00"
},
{
"model": "oseon",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "3.0.22"
},
{
"model": "programmingtube",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.1"
},
{
"model": "tubedesign",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "14.06.150"
},
{
"model": "oseon",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.0.0"
},
{
"model": "topscalculation",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.00.00"
},
{
"model": "trutops",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "trutopsprint",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutops mark 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "01.00"
},
{
"model": "trutopsboost",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "16.0.22"
},
{
"model": "trutops",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "12.01.00.00"
},
{
"model": "trumpflicenseexpert",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "1.11.1"
},
{
"model": "codemeter runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "wibu",
"version": "7.60c"
},
{
"model": "trutopsfab",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "22.8.25"
},
{
"model": "tubedesign",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "08.00"
},
{
"model": "trutops mark 3d",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "06.01"
},
{
"model": "tops unfold",
"scope": "eq",
"trust": 1.0,
"vendor": "trumpf",
"version": "05.03.00.00"
},
{
"model": "trutopsfab",
"scope": "gte",
"trust": 1.0,
"vendor": "trumpf",
"version": "15.00.23.00"
},
{
"model": "trutopsweld",
"scope": "lte",
"trust": 1.0,
"vendor": "trumpf",
"version": "9.0.28148.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.60c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.06.150",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.28148.1",
"versionStartIncluding": "7.0.198.241",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "01.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "01.00",
"versionStartIncluding": "00.06.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06.01",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.04.20.00",
"versionStartIncluding": "14.06.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22.8.25",
"versionStartIncluding": "15.00.23.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "02.26.0",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "09.09.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.22",
"versionStartIncluding": "06.00.23.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.01.00.00",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "22.00.00",
"versionStartIncluding": "14.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "23.06.01",
"versionStartIncluding": "18.02.r8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"cve": "CVE-2023-4701",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-4701",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-4701",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4701"
},
{
"db": "VULMON",
"id": "CVE-2023-4701"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT@VDE",
"id": "VDE-2023-031",
"trust": 1.1
},
{
"db": "NVD",
"id": "CVE-2023-4701",
"trust": 1.1
},
{
"db": "CERT@VDE",
"id": "VDE-2023-030",
"trust": 1.0
},
{
"db": "VULMON",
"id": "CVE-2023-4701",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4701"
},
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"id": "VAR-202309-0673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45604396
},
"last_update_date": "2023-09-21T22:24:54.724000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf"
},
{
"trust": 1.1,
"url": "https://cert.vde.com/en/advisories/vde-2023-031/"
},
{
"trust": 1.0,
"url": "https://cert.vde.com/en/advisories/vde-2023-030/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4701"
},
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-4701"
},
{
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4701"
},
{
"date": "2023-09-13T14:15:00",
"db": "NVD",
"id": "CVE-2023-4701"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4701"
},
{
"date": "2023-09-19T08:15:00",
"db": "NVD",
"id": "CVE-2023-4701"
}
]
}
}
VAR-190001-0356
Vulnerability from variot - Updated: 2022-05-17 02:06Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. CodeMeter 4.30c is affected; other versions may also be vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codemeter 4.30c",
"scope": null,
"trust": 1.1,
"vendor": "wibu",
"version": null
},
{
"model": "codemeter 4.30d",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49437"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter is a hardware-based software, file, access and media protection solution. The Wibu-Systems CodeMeter certificate server listens by default on port 22350, which allows for limited directory traversal attacks in virtual directories. Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nExploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks. \nCodeMeter 4.30c is affected; other versions may also be vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
},
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49437",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2011-3494",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016",
"trust": 0.6
},
{
"db": "IVD",
"id": "8E1E3A1A-E596-44F1-AAB8-28036106C15C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
]
},
"id": "VAR-190001-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
}
],
"trust": 1.25604396
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
}
]
},
"last_update_date": "2022-05-17T02:06:56.132000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://aluigi.altervista.org/adv/codemeter_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49437"
},
{
"trust": 0.3,
"url": "http://www.wibu.com/en/codemeter.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-05T00:00:00",
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"date": "2011-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"date": "2011-09-02T00:00:00",
"db": "BID",
"id": "49437"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"date": "2011-12-22T18:30:00",
"db": "BID",
"id": "49437"
},
{
"date": "2011-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNVD",
"id": "CNVD-2011-3494"
},
{
"db": "BID",
"id": "49437"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "8e1e3a1a-e596-44f1-aab8-28036106c15c"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-016"
}
],
"trust": 0.8
}
}