CVE-2023-3935 – Wibu: Buffer Overflow in CodeMeter Runtime
https://notcve.org/view.php?id=CVE-2023-3935
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Una vulnerabilidad de Desbordamiento del Búfer en el servicio de red Wibu CodeMeter Runtime hasta la versión 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitrión. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf https://cert.vde.com/en/advisories/VDE-2023-030 https://cert.vde.com/en/advisories/VDE-2023-031 • CWE-787: Out-of-bounds Write •
CVE-2021-41057
https://notcve.org/view.php?id=CVE-2021-41057
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. En WIBU CodeMeter Runtime versiones anteriores a 7.30a, la creación de un enlace simbólico CmDongles diseñado sobrescribirá el archivo enlazado sin comprobar los permisos • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210910-01.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf https://www.wibu.com/us/support/security-advisories.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-20094
https://notcve.org/view.php?id=CVE-2021-20094
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. Se presenta una vulnerabilidad de denegación de servicio en las de Wibu-Systems CodeMeter versiones anteriores a 7.21a. Un atacante remoto no autenticado puede explotar este problema para bloquear el CodeMeter Runtime Server • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 https://www.tenable.com/security/research/tra-2021-24 • CWE-125: Out-of-bounds Read •
CVE-2021-20093
https://notcve.org/view.php?id=CVE-2021-20093
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. Se presenta una vulnerabilidad de lectura excesiva del búfer en Wibu-Systems CodeMeter versiones anteriores a 7.21a. Un atacante remoto no autenticado puede explotar este problema para revelar el contenido de la memoria de la pila o bloquear el CodeMeter Runtime Server • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 https://www.tenable.com/security/research/tra-2021-24 • CWE-125: Out-of-bounds Read •
CVE-2020-16233
https://notcve.org/view.php?id=CVE-2020-16233
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. Un atacante podría enviar un paquete especialmente diseñado que podría hacer que CodeMeter (todas las versiones anteriores a 7.10) devuelva paquetes que contengan datos de la pila • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-404: Improper Resource Shutdown or Release •