← Back to home
SIEMENS-SSA-507364  ·  Published 2026-02-10  ·  View on Siemens ProductCERT ↗

SSA-507364 V1.0: Heap Based Buffer Overflow Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager

CVSS N/A MEDIUM

Risk Summary

<p>Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code execution in the context of the current process.</p> <p>Siemens has released instructions how to update the CodeMeter Runtime component and recommends to apply the update on affected systems.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-507364 V1.0: Heap Based Buffer Overflow Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more