A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Link | Resource |
---|---|
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf | Vendor Advisory |
https://cert.vde.com/en/advisories/VDE-2023-030/ | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2023-031/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Jan 2024, 20:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:* cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:* cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:* |
|
First Time |
Phoenixcontact module Type Package Designer
Phoenixcontact activation Wizard Phoenixcontact e-mobility Charging Suite Phoenixcontact plcnext Engineer Phoenixcontact Phoenixcontact iol-conf Phoenixcontact fl Network Manager |
|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-030/ - Third Party Advisory |
19 Sep 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Sep 2023, 14:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Trumpf trutopsweld
Trumpf trutopsfab Storage Smallstore Trumpf trutopsprintmultilaserassistant Trumpf trutopsboost Wibu codemeter Runtime Trumpf tops Unfold Trumpf trutops Cell Sw48 Trumpf trutops Mark 3d Trumpf trutopsfab Trumpf topscalculation Trumpf trutops Trumpf tubedesign Trumpf oseon Trumpf trutopsprint Trumpf teczonebend Trumpf programmingtube Trumpf trutops Cell Classic Trumpf Wibu Trumpf trumpflicenseexpert |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-031/ - Third Party Advisory | |
References | (MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:* cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:* cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:* cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:* |
13 Sep 2023, 16:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-13 14:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3935
Mitre link : CVE-2023-3935
CVE.ORG link : CVE-2023-3935
JSON object : View
Products Affected
trumpf
- teczonebend
- trutopsfab
- oseon
- trutopsprintmultilaserassistant
- tubedesign
- trutopsweld
- tops_unfold
- trutopsboost
- trutops_cell_classic
- topscalculation
- programmingtube
- trutopsprint
- trutopsfab_storage_smallstore
- trutops
- trumpflicenseexpert
- trutops_mark_3d
- trutops_cell_sw48
phoenixcontact
- iol-conf
- fl_network_manager
- module_type_package_designer
- e-mobility_charging_suite
- plcnext_engineer
- activation_wizard
wibu
- codemeter_runtime
CWE
CWE-787
Out-of-bounds Write