CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf	Vendor Advisory
https://cert.vde.com/en/advisories/VDE-2023-030/	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-031/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:trumpf:oseon::::::::
	cpe:2.3:a:trumpf:programmingtube::::::::
	cpe:2.3:a:trumpf:teczonebend::::::::
	cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:::::::*
	cpe:2.3:a:trumpf:topscalculation::::::::
	cpe:2.3:a:trumpf:trumpflicenseexpert::::::::
	cpe:2.3:a:trumpf:trutops::::::::
	cpe:2.3:a:trumpf:trutops_cell_classic::::::::
	cpe:2.3:a:trumpf:trutops_cell_sw48::::::::
	cpe:2.3:a:trumpf:trutops_mark_3d::::::::
	cpe:2.3:a:trumpf:trutopsboost::::::::
	cpe:2.3:a:trumpf:trutopsfab::::::::
	cpe:2.3:a:trumpf:trutopsfab_storage_smallstore::::::::
	cpe:2.3:a:trumpf:trutopsprint::::::::
	cpe:2.3:a:trumpf:trutopsprintmultilaserassistant::::::::
	cpe:2.3:a:trumpf:trutopsweld::::::::
	cpe:2.3:a:trumpf:tubedesign::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:phoenixcontact:activation_wizard::::::moryx::*
	cpe:2.3:a:phoenixcontact:e-mobility_charging_suite::::::::
	cpe:2.3:a:phoenixcontact:fl_network_manager::::::::
	cpe:2.3:a:phoenixcontact:iol-conf::::::::
	cpe:2.3:a:phoenixcontact:module_type_package_designer::::::::
	cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta::::::
	cpe:2.3:a:phoenixcontact:plcnext_engineer::::::::

History

25 Jan 2024, 20:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:phoenixcontact:fl_network_manager:::::::: cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:::::::: cpe:2.3:a:phoenixcontact:activation_wizard::::::moryx::* cpe:2.3:a:phoenixcontact:iol-conf:::::::: cpe:2.3:a:phoenixcontact:plcnext_engineer:::::::: cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:::::: cpe:2.3:a:phoenixcontact:module_type_package_designer::::::::
First Time		Phoenixcontact module Type Package Designer Phoenixcontact activation Wizard Phoenixcontact e-mobility Charging Suite Phoenixcontact plcnext Engineer Phoenixcontact Phoenixcontact iol-conf Phoenixcontact fl Network Manager
References	~~(MISC) https://cert.vde.com/en/advisories/VDE-2023-030/ -~~	(MISC) https://cert.vde.com/en/advisories/VDE-2023-030/ - Third Party Advisory

19 Sep 2023, 08:15

Type	Values Removed	Values Added
References		(MISC) https://cert.vde.com/en/advisories/VDE-2023-030/ -

15 Sep 2023, 14:53

Type	Values Removed	Values Added
First Time		Trumpf trutopsweld Trumpf trutopsfab Storage Smallstore Trumpf trutopsprintmultilaserassistant Trumpf trutopsboost Wibu codemeter Runtime Trumpf tops Unfold Trumpf trutops Cell Sw48 Trumpf trutops Mark 3d Trumpf trutopsfab Trumpf topscalculation Trumpf trutops Trumpf tubedesign Trumpf oseon Trumpf trutopsprint Trumpf teczonebend Trumpf programmingtube Trumpf trutops Cell Classic Trumpf Wibu Trumpf trumpflicenseexpert
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://cert.vde.com/en/advisories/VDE-2023-031/ -~~	(MISC) https://cert.vde.com/en/advisories/VDE-2023-031/ - Third Party Advisory
References	~~(MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf -~~	(MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf - Vendor Advisory
CPE		cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:::::::: cpe:2.3:a:trumpf:topscalculation:::::::: cpe:2.3:a:trumpf:trutops_cell_sw48:::::::: cpe:2.3:a:trumpf:programmingtube:::::::: cpe:2.3:a:trumpf:trutops:::::::: cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:::::::: cpe:2.3:a:trumpf:oseon:::::::: cpe:2.3:a:trumpf:trutops_cell_classic:::::::: cpe:2.3:a:trumpf:trutopsfab:::::::: cpe:2.3:a:trumpf:trutopsprint:::::::: cpe:2.3:a:trumpf:tubedesign:::::::: cpe:2.3:a:trumpf:trumpflicenseexpert:::::::: cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:::::::* cpe:2.3:a:trumpf:teczonebend:::::::: cpe:2.3:a:wibu:codemeter_runtime:::::::: cpe:2.3:a:trumpf:trutopsboost:::::::: cpe:2.3:a:trumpf:trutops_mark_3d:::::::: cpe:2.3:a:trumpf:trutopsweld::::::::

13 Sep 2023, 16:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-13 14:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-3935

Mitre link : CVE-2023-3935

CVE.ORG link : CVE-2023-3935

JSON object : View

Products Affected

trumpf

teczonebend
trutopsfab
oseon
trutopsprintmultilaserassistant
tubedesign
trutopsweld
tops_unfold
trutopsboost
trutops_cell_classic
topscalculation
programmingtube
trutopsprint
trutopsfab_storage_smallstore
trutops
trumpflicenseexpert
trutops_mark_3d
trutops_cell_sw48

phoenixcontact

iol-conf
fl_network_manager
module_type_package_designer
e-mobility_charging_suite
plcnext_engineer
activation_wizard

wibu

codemeter_runtime

CWE

CWE-787

Out-of-bounds Write

9.8 /10