Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V6.0 through V8 QU1 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime...

CVE-2020-37017 CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...

PT-2026-5291

Name of the Vulnerable Software and Affected Versions CodeMeter version 6.60 Description CodeMeter 6.60 contains an unquoted service path that may allow local users to execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted binary path in the CodeMeter Runtime...

EUVD-2011-4009

Malware in sbrugna...

EUVD-2014-8256

Malware in sbrugna...

EUVD-2021-7551

Malicious code in bioql PyPI...

Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V5.0 through V8 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful...

Siemens WIBU CodeMeter Runtime

SUMMARY WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected...

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system...

CVE-2021-41057

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions...

CVE-2021-20094

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server...

CVE-2011-4057

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service CodeMeter.exe crash via certain crafted packets to TCP port 22350...

Rockwell FactoryTalk Activation Manager < 5.01 RCE

The version of Rockwell FactoryTalk Activation Manager installed on the remote Windows host is prior to 5.01. It is, therefore, affected by a vulnerability. - Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems' products which internall...

Siemens Desigo CC product family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products

Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be...

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system...

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system...

CVE-2023-3935 Wibu: Buffer Overflow in CodeMeter Runtime

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system...

CVE-2023-3935 Wibu: Buffer Overflow in CodeMeter Runtime

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system...

PT-2023-30290 · Unknown · Codemeter Runtime

Name of the Vulnerable Software and Affected Versions: CodeMeter Runtime versions prior to 7.60c Description: The issue is related to an Improper Privilege Management vulnerability, which occurs due to the incorrect use of privileged APIs in CodeMeter Runtime. This allows a local, low-privileged...