
174 matches found

Cvelist
added 2020/09/16 7:48 p.m., 23 views

CVE-2020-14515

CodeMeter (all versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file o...

7.6 AI score, 0.00085 EPSS
Exploits: 0, References: 1
CVE
added 2020/09/16 7:48 p.m., 81 views

CVE-2020-14515

CVE-2020-14515 affects CodeMeter WebAdmin prior to 6.90: a flaw in the license-file signature checking mechanism allows forged or arbitrary license files, potentially impersonating a vendor. This is limited to CmActLicense update files with CmActLicense Firm Code. Related sources indicate that e...

7.5 CVSS, 7.5 AI score, 0.00085 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/09/16 7:44 p.m., 20 views

CVE-2020-14519

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter. All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a...

7.4 AI score, 0.00086 EPSS
Exploits: 0, References: 1
CVE
added 2020/09/16 7:44 p.m., 75 views

CVE-2020-14519

CVE-2020-14519 affects CodeMeter WebAdmin’s internal WebSockets API. According to the provided documents, all versions prior to 7.00 are affected, including 7.0 or newer if the affected WebSockets API remains enabled, particularly when a web browser accesses the CodeMeter web server. The vulnerab...

7.5 CVSS, 7.3 AI score, 0.00086 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2020/09/16 7:42 p.m., 149 views

CVE-2020-14517

CVE-2020-14517 (CodeMeter). Affects CodeMeter WebAdmin and related components; protocol encryption can be easily broken, and the server can accept external connections, potentially allowing an attacker to remotely communicate with the CodeMeter API. Affected: CodeMeter before 6.90, and 6.90+ only...

9.8 CVSS, 9.3 AI score, 0.00085 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/09/16 7:42 p.m., 24 views

CVE-2020-14517

Protocol encryption can be easily broken for CodeMeter (all versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API...

9.5 AI score, 0.00085 EPSS
Exploits: 0, References: 1
Cvelist
added 2020/09/16 7:39 p.m., 21 views

CVE-2020-14509

Multiple memory corruption vulnerabilities exist in CodeMeter (all versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities...

9.7 AI score, 0.00276 EPSS
Exploits: 0, References: 1
CVE
added 2020/09/16 7:39 p.m., 118 views

CVE-2020-14509

CVE-2020-14509 concerns CodeMeter WebAdmin prior to 7.10a. The vulnerability is a memory corruption issue in the packet parser that does not verify length fields, allowing an attacker to send specially crafted packets to trigger the flaw. Public sources describe potential outcomes as remote code ...

9.8 CVSS, 9.5 AI score, 0.00276 EPSS
Exploits: 0, References: 1, Affected Software: 1
ThreatPost
added 2020/09/09 3:58 p.m., 1493 views

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical...

7.5 CVSS, 0.6 AI score, 0.03057 EPSS
Exploits: 1, References: 20
CNVD
added 2020/09/09 12:00 a.m., 1 views

Multiple Siemens Products with Insufficient Encryption Strength Vulnerability

Siemens SIMATIC WinCC OA Open Architecture is a SCADA system from Siemens, Germany, and a component of the HMI series. The system is mainly used in industries such as rail transportation, building automation and public power supply. Information Server is used to report and visualize process data...

9.8 CVSS, 6.6 AI score, 0.00085 EPSS
Exploits: 0, References: 1
NCSC
added 2020/09/08 12:00 a.m., 2 views

WIBU CodeMeter vulnerabilities discovered in several Siemens products

WIBU Systems has published a number of vulnerabilities which would allow an unauthenticated remote malicious person to manipulate license files, execute arbitrary code with application privileges or cause a Denial-of-Service. WIBU gives the vulnerability with attribute...

9.8 CVSS, 7.3 AI score, 0.00276 EPSS
Exploits: 0
0day.today
added 2020/08/07 12:00 a.m., 225 views

CodeMeter 6.60 - (CodeMeter.exe) Unquoted Service Path Vulnerability

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/08/07 12:00 a.m., 140 views

CodeMeter 6.60 Unquoted Service Path

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2020-08-05 Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...

0.3 AI score
Exploits: 0
Exploit DB
added 2020/08/06 12:00 a.m., 202 views

CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path

Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2020-08-05 Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...

7.4 AI score
Exploits: 0
Kaspersky
added 2020/01/04 12:00 a.m., 65 views

KLA11658 Multiple vulnerabilities in FactoryTalk Activation Manager

Multiple vulnerabilities were found in FactoryTalk Activation Manager. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Vulnerability in certain versions of Wibu-Systems CodeMeter can ...

10 CVSS, 8.3 AI score, 0.77558 EPSS
Exploits: 7, References: 3
OpenVAS
added 2019/02/09 12:00 a.m., 34 views

WIBU-SYSTEMS CodeMeter Runtime Detection (Windows SMB Login)

SMB login-based detection of WIBU-SYSTEMS CodeMeter Runtime. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

0.2 AI score
Exploits: 0, References: 1
CNVD
added 2017/09/08 12:00 a.m., 2 views

Wibu-Systems CodeMeter Cross-Site Scripting Vulnerability

Wibu-Systems CodeMeter is a suite of anti-piracy protection products from Wibu-Systems for software protection against piracy and unsecured software. The product uses encryption technology and a small USB hardware device, CmStick, which has a built-in SmartCard chip with 128KB of secure memory fo...

5.4 CVSS, 5.4 AI score, 0.00693 EPSS
Exploits: 7, References: 1
OSV
added 2017/09/07 1:29 p.m., 2 views

CVE-2017-13754

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html...

5.4 CVSS, 5.9 AI score, 0.00693 EPSS
Exploits: 7, References: 7
NVD
added 2017/09/07 1:29 p.m., 10 views

CVE-2017-13754

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html...

5.4 CVSS, 6 AI score, 0.00693 EPSS
Exploits: 7, References: 7
Prion
added 2017/09/07 1:29 p.m., 8 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html...

3.5 CVSS, 5.4 AI score, 0.00693 EPSS
Exploits: 7, References: 7, Affected Software: 1