CVE-2023-3935

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
Configurations

Configuration 1

cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*
cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*

History

25 Jan 2024, 20:24

Type Values Removed Values Added
References
  Removed: https://cert.vde.com/en/advisories/VDE-2023-030/
  Added: https://cert.vde.com/en/advisories/VDE-2023-030/ - Third Party Advisory
First Time Phoenixcontact module Type Package Designer
Phoenixcontact activation Wizard
Phoenixcontact fl Network Manager
Phoenixcontact e-mobility Charging Suite
Phoenixcontact plcnext Engineer
Phoenixcontact iol-conf
Phoenixcontact
CPE cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*
cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*

19 Sep 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://cert.vde.com/en/advisories/VDE-2023-030/ -

15 Sep 2023, 14:53

Type Values Removed Values Added
CVSS
  Removed: v2 : unknown, v3 : 10.0
  Added: v2 : unknown, v3 : 9.8
CPE cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*
cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*
cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*
First Time Trumpf oseon
Trumpf trumpflicenseexpert
Trumpf tops Unfold
Wibu codemeter Runtime
Trumpf
Wibu
Trumpf topscalculation
Trumpf tubedesign
Trumpf trutops Cell Sw48
Trumpf trutopsweld
Trumpf teczonebend
Trumpf trutops
Trumpf trutopsfab Storage Smallstore
Trumpf trutopsfab
Trumpf trutopsprint
Trumpf trutops Cell Classic
Trumpf trutopsboost
Trumpf trutops Mark 3d
Trumpf programmingtube
Trumpf trutopsprintmultilaserassistant
References
  Removed: (MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf
  Added: (MISC) https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf - Vendor Advisory
References
  Removed: (MISC) https://cert.vde.com/en/advisories/VDE-2023-031/
  Added: (MISC) https://cert.vde.com/en/advisories/VDE-2023-031/ - Third Party Advisory

13 Sep 2023, 16:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 14:15

Updated : 2024-01-25 20:24


NVD link : CVE-2023-3935

Mitre link : CVE-2023-3935

CVE.ORG link : CVE-2023-3935


Products Affected

phoenixcontact

  • module_type_package_designer
  • plcnext_engineer
  • activation_wizard
  • iol-conf
  • e-mobility_charging_suite
  • fl_network_manager

trumpf

  • trutopsweld
  • programmingtube
  • trutopsfab_storage_smallstore
  • trutops_cell_classic
  • trutops_cell_sw48
  • trutopsboost
  • trutopsfab
  • trumpflicenseexpert
  • trutops_mark_3d
  • teczonebend
  • oseon
  • tubedesign
  • trutopsprint
  • tops_unfold
  • topscalculation
  • trutops
  • trutopsprintmultilaserassistant

wibu

  • codemeter_runtime
CWE
CWE-787

Out-of-bounds Write