← Back to home
SIEMENS-SSA-675303  ·  Published 2022-02-08  ·  View on Siemens ProductCERT ↗

SSA-675303 V1.3 (Last Update: 2022-02-08): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products

CVSS 9.1 CRITICAL

Risk Summary

<p>WIBU Systems published information about two vulnerabilities and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p> <p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).</p> <p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>

CVEs (2)

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-675303 V1.3 (Last Update: 2022-02-08): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more