181 matches found
Design/Logic Flaw
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API...
Memory corruption
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities...
Heap overflow
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap...
CVE-2020-16233
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap...
CVE-2020-16233
CVE-2020-16233 affects CodeMeter WebAdmin (CodeMeter, prior to version 7.10). A network attacker could send a specially crafted packet to cause the server to return packets containing data from the heap, exposing heap data and potentially enabling further exploitation. The vulnerability is docume...
CVE-2020-14513
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields...
CVE-2020-14513
CVE-2020-14513 affects CodeMeter up to version 6.80 (and WebAdmin components) where processing a specially crafted license file can crash the software due to unverified length fields. Multiple sources (NVD/NCSC/Red Hat advisories, Tenable plugin) confirm CodeMeter prior to 6.81 is affected; updat...
CVE-2020-14515
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file o...
CVE-2020-14515
CVE-2020-14515 affects CodeMeter WebAdmin prior to 6.90: a flaw in the license-file signature checking mechanism allows forging or arbitrary license files, potentially impersonating a vendor. This is limited to CmActLicense update files with CmActLicense Firm Code. Related sources indicate that e...
CVE-2020-14519
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a...
CVE-2020-14519
CVE-2020-14519 affects CodeMeter WebAdmin’s internal WebSockets API. According to the provided documents, all versions prior to 7.00 are affected, including 7.0 or newer if the affected WebSockets API remains enabled, particularly when a web browser accesses the CodeMeter web server. The vulnerab...
CVE-2020-14517
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API...
CVE-2020-14517
CVE-2020-14517 (CodeMeter). Affects CodeMeter WebAdmin and related components; protocol encryption can be easily broken, and the server can accept external connections, potentially allowing an attacker to remotely communicate with the CodeMeter API. Affected: CodeMeter before 6.90, and 6.90+ only...
CVE-2020-14509
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities...
CVE-2020-14509
CVE-2020-14509 concerns CodeMeter WebAdmin prior to 7.10a. The vulnerability is a memory corruption issue in the packet parser that does not verify length fields, allowing an attacker to send specially crafted packets to trigger the flaw. Public sources describe potential outcomes as remote code ...
Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems
Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical...
Multiple Siemens Products with Insufficient Encryption Strength Vulnerability
Siemens SIMATIC WinCC OA Open Architecture is a SCADA system from Siemens, Germany, and a component of the HMI series. The system is mainly used in industries such as rail transportation, building automation and public power supply. Information Server is used to report and visualize process data...
WIBU CodeMeter vulnerabilities discovered in several Siemens products
WIBU Systems has published a number of vulnerabilities that would allow an unauthenticated remote malicious person to manipulate license files, execute arbitrary code with application privileges, or cause a denial of service. WIBU gives the vulnerability with attribute...
CodeMeter 6.60 - (CodeMeter.exe) Unquoted Service Path Vulnerability
Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path; Discovery by: Luis Martinez; Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html; Tested Version: 6.60; Vulnerability Type: Unquoted Service Path; Tested on OS: Windows 10 Pro x64 es; Step to discover Unquoted...
CodeMeter 6.60 Unquoted Service Path
Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path; Discovery by: Luis Martinez; Discovery Date: 2020-08-05; Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html; Tested Version: 6.60; Vulnerability Type: Unquoted Service Path; Tested on OS: Windows 10 Pro x64 es...