CVE-2021-20093

Published: Jun 16, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

Affected (17)

Products: Wibu: Codemeter · Siemens: Pss Cape, Sicam 230 Firmware, Simatic Information Server, Simatic Pcs Neo, Simatic Process Historian, Simatic Wincc Oa, Simit Simulation Platform, Sinec Infrastructure Network Services, Sinema Remote Connect Server

1 product

9 products

Simatic Information Server

Simatic Pcs Neo

Simatic Process Historian

Simatic Wincc Oa

Simit Simulation Platform

Sinec Infrastructure Network Services

Sinema Remote Connect Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wibu Codemeter	Up to 7.21a

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Pss Cape	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Sicam 230 Firmware	All versions

Running on/with	Platform Versions
Siemens Sicam 230	All versions

Configuration D

14 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Information Server	Version 2019 sp1
Siemens Simatic Information Server	Version 2020
Siemens Simatic Pcs Neo	Before 3.1
Siemens Simatic Process Historian	From 2019 to 2020
Siemens Simatic Process Historian	Version 2020
Siemens Simatic Wincc Oa	Version 3.17
Siemens Simatic Wincc Oa	Version 3.18
Siemens Simit Simulation Platform	From 10.0 to 10.3
Siemens Simit Simulation Platform	Version 10.3
Siemens Sinec Infrastructure Network Services	Before 1.0.1.1
Siemens Sinec Infrastructure Network Services	Version 1.0.1
Siemens Sinema Remote Connect Server	Before 3.0
Siemens Sinema Remote Connect Server	Version 3.0
Siemens Sinema Remote Connect Server	Version 3.0 sp1