CVE-2023-3935
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD (Secondary)
Description
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
Affected (25)
Products: Wibu: Codemeter Runtime · Trumpf: Oseon, Programmingtube, Teczonebend, Tops Unfold, Topscalculation, Trumpflicenseexpert, Trutops, Trutops Cell Classic, Trutops Cell Sw48, Trutops Mark 3d, Trutopsboost, Trutopsfab, Trutopsfab Storage Smallstore, Trutopsprint, Trutopsprintmultilaserassistant, Trutopsweld, Tubedesign · Phoenixcontact: Activation Wizard, E Mobility Charging Suite, Fl Network Manager, Iol Conf, Module Type Package Designer, Plcnext Engineer
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.60c |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 1.0.0 to 3.0.22 | |
| From 1.0.1 to 4.6.3 | |
| From 18.02.r8 to 23.06.01 | |
| Version 05.03.00.00 | |
| From 14.00 to 22.00.00 | |
| From 1.5.2 to 1.11.1 | |
| From 08.00 to 12.01.00.00 | |
| Up to 09.09.02 | |
| From 01.00 to 02.26.0 | |
| From 01.00 to 06.01 | |
| From 06.00.23.00 to 16.0.22 | |
| From 15.00.23.00 to 22.8.25 | |
| From 14.06.20 to 20.04.20.00 | |
| From 00.06.00 to 01.00 | |
| From 01.02 | |
| From 7.0.198.241 to 9.0.28148.1 | |
| From 08.00 to 14.06.150 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.6 | |
| Up to 1.7.0 | |
| Up to 7.0 | |
| Up to 1.7.0 | |
| Before 1.2.0 | |
| Up to 2023.6 |
References (6)
Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.