A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.
References
Link | Resource |
---|---|
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf | Mitigation Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf | Patch Third Party Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 | Third Party Advisory US Government Resource |
https://www.tenable.com/security/research/tra-2021-24 | Exploit Patch Third Party Advisory |
History
06 Oct 2022, 17:43
Type | Values Removed | Values Added |
---|---|---|
First Time | Siemens sinec Infrastructure Network Services; Siemens sicam 230 Firmware; Siemens simit Simulation Platform; Siemens simatic Process Historian; Siemens sicam 230; Siemens simatic Pcs Neo; Siemens sinema Remote Connect Server; Siemens simatic Wincc Oa; Siemens simatic Information Server; Siemens pss Cape; Siemens |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:sicam_230_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:* cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:* |
05 Aug 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jun 2021, 19:52
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.tenable.com/security/research/tra-2021-24 - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf - Mitigation, Vendor Advisory | |
CWE | CWE-125 | |
CPE | cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 6.4 v3 : 9.1 |
16 Jun 2021, 12:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-16 12:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-20093
Mitre link : CVE-2021-20093
CVE.ORG link : CVE-2021-20093
Products Affected
siemens
- sicam_230
- pss_cape
- sicam_230_firmware
- simatic_pcs_neo
- simatic_wincc_oa
- sinema_remote_connect_server
- sinec_infrastructure_network_services
- simatic_information_server
- simatic_process_historian
- simit_simulation_platform
wibu
- codemeter
CWE
CWE-125
Out-of-bounds Read