CVE-2023-3935

EPSS 0.22%
Veröffentlicht 13.09.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 08:18:21
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wibu ≫ Codemeter Runtime Version < 7.60c

Trumpf ≫ Oseon Version >= 1.0.0 <= 3.0.22

Trumpf ≫ Programmingtube Version >= 1.0.1 <= 4.6.3

Trumpf ≫ Teczonebend Version >= 18.02.r8 <= 23.06.01

Trumpf ≫ Tops Unfold Version05.03.00.00

Trumpf ≫ Topscalculation Version >= 14.00 <= 22.00.00

Trumpf ≫ Trumpflicenseexpert Version >= 1.5.2 <= 1.11.1

Trumpf ≫ Trutops Version >= 08.00 <= 12.01.00.00

Trumpf ≫ Trutops Cell Classic Version <= 09.09.02

Trumpf ≫ Trutops Cell Sw48 Version >= 01.00 <= 02.26.0

Trumpf ≫ Trutops Mark 3d Version >= 01.00 <= 06.01

Trumpf ≫ Trutopsboost Version >= 06.00.23.00 <= 16.0.22

Trumpf ≫ Trutopsfab Version >= 15.00.23.00 <= 22.8.25

Trumpf ≫ Trutopsfab Storage Smallstore Version >= 14.06.20 <= 20.04.20.00

Trumpf ≫ Trutopsprint Version >= 00.06.00 <= 01.00

Trumpf ≫ Trutopsprintmultilaserassistant Version >= 01.02

Trumpf ≫ Trutopsweld Version >= 7.0.198.241 <= 9.0.28148.1

Trumpf ≫ Tubedesign Version >= 08.00 <= 14.06.150

Phoenixcontact ≫ Activation Wizard SwPlatformmoryx Version <= 1.6

Phoenixcontact ≫ E-mobility Charging Suite Version <= 1.7.0

Phoenixcontact ≫ Fl Network Manager Version <= 7.0

Phoenixcontact ≫ Iol-conf Version <= 1.7.0

Phoenixcontact ≫ Module Type Package Designer Version < 1.2.0

Phoenixcontact ≫ Module Type Package Designer Version1.2.0 Updatebeta

Phoenixcontact ≫ Plcnext Engineer Version <= 2023.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf

Vendor Advisory

https://cert.vde.com/en/advisories/VDE-2023-030/

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2023-031/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3935

EUVD