CVE-2021-20094
https://notcve.org/view.php?id=CVE-2021-20094
16 Jun 2021 — A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf • CWE-125: Out-of-bounds Read
CVE-2021-20093
https://notcve.org/view.php?id=CVE-2021-20093
16 Jun 2021 — A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server. • https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf • CWE-125: Out-of-bounds Read
CVE-2020-16233
https://notcve.org/view.php?id=CVE-2020-16233
16 Sep 2020 — An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-404: Improper Resource Shutdown or Release
CVE-2020-14513
https://notcve.org/view.php?id=CVE-2020-14513
16 Sep 2020 — CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-20: Improper Input Validation
CVE-2020-14515
https://notcve.org/view.php?id=CVE-2020-14515
16 Sep 2020 — CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-347: Improper Verification of Cryptographic Signature
CVE-2020-14519
https://notcve.org/view.php?id=CVE-2020-14519
16 Sep 2020 — This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-346: Origin Validation Error
CVE-2020-14517
https://notcve.org/view.php?id=CVE-2020-14517
16 Sep 2020 — Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-326: Inadequate Encryption Strength • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-14509
https://notcve.org/view.php?id=CVE-2020-14509
16 Sep 2020 — Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. • https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 • CWE-805: Buffer Access with Incorrect Length Value
CVE-2017-13754 – CodeMeter 6.50 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-13754
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. • https://www.exploit-db.com/exploits/42610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')