9 matches found
CVE-2020-14517
CVE-2020-14517 (CodeMeter). Affects CodeMeter WebAdmin and related components; protocol encryption can be easily broken, and the server can accept external connections, potentially allowing an attacker to remotely communicate with the CodeMeter API. Affected: CodeMeter before 6.90, and 6.90+ only...
CVE-2021-20093
CVE-2021-20093 affects Wibu-Systems CodeMeter Runtime (CodeMeter, CmWAN/CodeMeter Network Server) prior to v7.21a. The issue is a buffer over-read (CWE-126) in the CodeMeter Runtime network server that can be exploited by an unauthenticated remote attacker to disclose heap memory contents or cras...
CVE-2020-14509
CVE-2020-14509 concerns CodeMeter WebAdmin prior to 7.10a. The vulnerability is a memory corruption issue in the packet parser that does not verify length fields, allowing an attacker to send specially crafted packets to trigger the flaw. Public sources describe potential outcomes as remote code ...
CVE-2020-14515
CVE-2020-14515 affects CodeMeter WebAdmin prior to 6.90: a flaw in the license-file signature checking mechanism allows forged or arbitrary license files to be created, potentially impersonating a vendor. This is limited to CmActLicense update files with CmActLicense Firm Code. Related sources indicate that e...
CVE-2020-14513
CVE-2020-14513 affects CodeMeter up to version 6.80 (and WebAdmin components) where processing a specially crafted license file can crash the software due to unverified length fields. Multiple sources (NVD/NCSC/Red Hat advisories, Tenable plugin) confirm CodeMeter prior to 6.81 is affected; updat...
CVE-2020-14519
CVE-2020-14519 affects CodeMeter WebAdmin’s internal WebSockets API. According to the provided documents, all versions prior to 7.00 are affected, including 7.0 or newer if the affected WebSockets API remains enabled, particularly when a web browser accesses the CodeMeter web server. The vulnerab...
CVE-2020-16233
CVE-2020-16233 affects CodeMeter WebAdmin (CodeMeter, prior to version 7.10). A network attacker could send a specially crafted packet to cause the server to return packets containing data from the heap, exposing heap data and potentially enabling further exploitation. The vulnerability is docume...
CVE-2021-20094
CVE-2021-20094 is a publicly documented vulnerability in Wibu-Systems CodeMeter Runtime (CmWAN server) affecting versions earlier than 7.21a. An unauthenticated remote attacker can crash the CodeMeter Runtime Server by sending specially crafted packets to the CmWAN service. The connected sources ...
CVE-2017-13754
CVE-2017-13754 is an XSS flaw in Wibu-Systems CodeMeter (advanced settings – time server) where an attacker can inject script via the server name field in actions/ChangeConfiguration.html. Vulnerable until CodeMeter version 6.50b (and is embedded in some FactoryTalk Activation Manager releases pr...