CVE-2023-3935

Wibu: Buffer Overflow in CodeMeter Runtime

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.

A buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated remote attacker to achieve RCE and gain full access to the host system.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-07-25 CVE Reserved
  • 2023-09-13 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-09-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Wibu | Codemeter Runtime | < 7.60c | - | Affected |
| Trumpf | Oseon | >= 1.0.0 <= 3.0.22 | - | Affected |
| Trumpf | Programmingtube | >= 1.0.1 <= 4.6.3 | - | Affected |
| Trumpf | Teczonebend | >= 18.02.r8 <= 23.06.01 | - | Affected |
| Trumpf | Tops Unfold | 05.03.00.00 | - | Affected |
| Trumpf | Topscalculation | >= 14.00 <= 22.00.00 | - | Affected |
| Trumpf | Trumpflicenseexpert | >= 1.5.2 <= 1.11.1 | - | Affected |
| Trumpf | Trutops | >= 08.00 <= 12.01.00.00 | - | Affected |
| Trumpf | Trutops Cell Classic | <= 09.09.02 | - | Affected |
| Trumpf | Trutops Cell Sw48 | >= 01.00 <= 02.26.0 | - | Affected |
| Trumpf | Trutops Mark 3d | >= 01.00 <= 06.01 | - | Affected |
| Trumpf | Trutopsboost | >= 06.00.23.00 <= 16.0.22 | - | Affected |
| Trumpf | Trutopsfab | >= 15.00.23.00 <= 22.8.25 | - | Affected |
| Trumpf | Trutopsfab Storage Smallstore | >= 14.06.20 <= 20.04.20.00 | - | Affected |
| Trumpf | Trutopsprint | >= 00.06.00 <= 01.00 | - | Affected |
| Trumpf | Trutopsprintmultilaserassistant | >= 01.02 | - | Affected |
| Trumpf | Trutopsweld | >= 7.0.198.241 <= 9.0.28148.1 | - | Affected |
| Trumpf | Tubedesign | >= 08.00 <= 14.06.150 | - | Affected |
| Phoenixcontact | Activation Wizard | <= 1.6 | moryx | Affected |
| Phoenixcontact | E-mobility Charging Suite | <= 1.7.0 | - | Affected |
| Phoenixcontact | Fl Network Manager | <= 7.0 | - | Affected |
| Phoenixcontact | Iol-conf | <= 1.7.0 | - | Affected |
| Phoenixcontact | Module Type Package Designer | < 1.2.0 | - | Affected |
| Phoenixcontact | Module Type Package Designer | 1.2.0 | beta | Affected |
| Phoenixcontact | Plcnext Engineer | <= 2023.6 | - | Affected |