SSA-240541 V1.3 (Last Update: 2024-05-14): WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products
Risk Summary
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.
The vulnerability is described in the section ‘Vulnerability Classification’ below and was assigned the CVE ID CVE-2023-3935. Successful exploitation of this vulnerability could allow:
- an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or
- an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.
Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available.
CVEs (1)
Remediations
- Refer to Siemens ProductCERT advisory for patch and remediation guidance.
Affected Vendors
Affected Products (1)