CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2023-3935

CVSS 9.8v3.1pub. 2023-09-13upd. 2024-11-21

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phoenixcontact Activation Wizard

    APP
    Phoenixcontact
    ≀ 1.6
  • Phoenixcontact E Mobility Charging Suite

    APP
    Phoenixcontact
    ≀ 1.7.0
  • Phoenixcontact Fl Network Manager

    APP
    Phoenixcontact
    ≀ 7.0
  • Phoenixcontact Iol Conf

    APP
    Phoenixcontact
    ≀ 1.7.0
  • Phoenixcontact Module Type Package Designer

    APP
    Phoenixcontact
    1.2.0< 1.2.0
  • Phoenixcontact Plcnext Engineer

    APP
    Phoenixcontact
    ≀ 2023.6
  • Trumpf Oseon

    APP
    Trumpf
    1.0.0 – 3.0.22
  • Trumpf Programmingtube

    APP
    Trumpf
    1.0.1 – 4.6.3
  • Trumpf Teczonebend

    APP
    Trumpf
    18.02.r8 – 23.06.01
  • Trumpf Topscalculation

    APP
    Trumpf
    14.00 – 22.00.00
  • Trumpf Tops Unfold

    APP
    Trumpf
    05.03.00.00
  • Trumpf Trumpflicenseexpert

    APP
    Trumpf
    1.5.2 – 1.11.1
  • Trumpf Trutops

    APP
    Trumpf
    08.00 – 12.01.00.00
  • Trumpf Trutopsboost

    APP
    Trumpf
    06.00.23.00 – 16.0.22
  • Trumpf Trutops Cell Classic

    APP
    Trumpf
    ≀ 09.09.02
  • Trumpf Trutops Cell Sw48

    APP
    Trumpf
    01.00 – 02.26.0
  • Trumpf Trutopsfab

    APP
    Trumpf
    15.00.23.00 – 22.8.25
  • Trumpf Trutopsfab Storage Smallstore

    APP
    Trumpf
    14.06.20 – 20.04.20.00
  • Trumpf Trutops Mark 3d

    APP
    Trumpf
    01.00 – 06.01
  • Trumpf Trutopsprint

    APP
    Trumpf
    00.06.00 – 01.00
  • Trumpf Trutopsprintmultilaserassistant

    APP
    Trumpf
    β‰₯ 01.02
  • Trumpf Trutopsweld

    APP
    Trumpf
    7.0.198.241 – 9.0.28148.1
  • Trumpf Tubedesign

    APP
    Trumpf
    08.00 – 14.06.150
  • Wibu Codemeter Runtime

    APP
    Wibu
    < 7.60c
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2022-2052CRITICAL9.8ten sam produkt

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary...

CVE-2023-46142HIGH8.8ten sam produkt

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote att...

CVE-2021-41057HIGH7.1ten sam produkt

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked f...

CVE-2020-12499HIGH8.2ten sam produkt

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exi...

CVE-2014-8419HIGH7.2ten sam produkt

Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for cod...

CVE-2023-3935 β€” Phoenixcontact β€” Activation Wizard β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl