CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-44731
https://notcve.org/view.php?id=CVE-2022-44731
13 Dec 2022 — A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g.,... • https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdf • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2021-41057
https://notcve.org/view.php?id=CVE-2021-41057
14 Nov 2021 — In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. En WIBU CodeMeter Runtime versiones anteriores a 7.30a, la creación de un enlace simbólico CmDongles diseñado sobrescribirá el archivo enlazado sin comprobar los permisos • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 7%CPEs: 18EXPL: 1CVE-2021-20093
https://notcve.org/view.php?id=CVE-2021-20093
16 Jun 2021 — A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. Se presenta una vulnerabilidad de lectura excesiva del búfer en Wibu-Systems CodeMeter versiones anteriores a 7.21a. Un atacante remoto no autenticado puede explotar este problema para revelar el contenido de la memoria de la pila o bloquear el CodeMeter Runtime Server • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf • CWE-125: Out-of-bounds Read •