sca-2023-0009
Vulnerability from csaf_sick
Published
2023-09-29 10:00
Modified
2023-09-29 10:00
Summary
Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products

Notes

General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter.



{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      },
      {
        "category": "summary",
        "text": "Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems.\nTo exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server.\nIf CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter."
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://www.sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.json"
      },
      {
        "category": "self",
        "summary": "The canonical PDF URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2023/sca-2023-0009.pdf"
      }
    ],
    "title": "Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products",
    "tracking": {
      "current_release_date": "2023-09-29T10:00:00.000Z",
      "generator": {
        "date": "2023-12-04T10:36:43.371Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.2.16"
        }
      },
      "id": "SCA-2023-0009",
      "initial_release_date": "2023-09-29T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-09-29T10:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-10-06T10:00:00.000Z",
          "number": "2",
          "summary": "Updated fixed version of LiDAR-LOC."
        },
        {
          "date": "2023-12-04T11:00:00.000Z",
          "number": "3",
          "summary": "Added self reference in CSAF"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003e=1.8.0",
                    "product": {
                      "name": "SICK SIM2000ST-E \u003e=1.8.0",
                      "product_id": "CSAFPID-0016",
                      "product_identification_helper": {
                        "skus": [
                          "1112345",
                          "1117588"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "SIM2000ST-E"
              }
            ],
            "category": "product_family",
            "name": "SIM"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK AppEngine x86 all versions",
                      "product_id": "CSAFPID-0017",
                      "product_identification_helper": {
                        "skus": [
                          "1613796"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "AppEngine"
              }
            ],
            "category": "product_family",
            "name": "AppEngine"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003e=FW L4M 2022.4",
                    "product": {
                      "name": "SICK TDC-E \u003e=FW L4M 2022.4",
                      "product_id": "CSAFPID-0018",
                      "product_identification_helper": {
                        "skus": [
                          "6070344",
                          "6079357"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "TDC-E"
              }
            ],
            "category": "product_family",
            "name": "TDC-E"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c2.4.1",
                    "product": {
                      "name": "SICK LiDAR-LOC \u003c2.4.1",
                      "product_id": "CSAFPID-0019",
                      "product_identification_helper": {
                        "skus": [
                          "1122752",
                          "1122751"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "LiDAR-LOC"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c2.4.1",
                    "product": {
                      "name": "SICK CODE-LOC \u003c2.4.1",
                      "product_id": "CSAFPID-0020",
                      "product_identification_helper": {
                        "skus": [
                          "1132922"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "CODE-LOC"
              }
            ],
            "category": "product_family",
            "name": "LiDAR-Lokalisierung"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FlowGate all versions",
                      "product_id": "CSAFPID-0021"
                    }
                  }
                ],
                "category": "product_name",
                "name": "FlowGate"
              }
            ],
            "category": "product_family",
            "name": "FlowGate"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=1.8.0",
                "product": {
                  "name": "SICK SIM2000ST-E Firmware \u003e1.8.0",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST-E Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK AppEngine Firmware all versions",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "AppEngine Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=FW L4M 2022.4",
                "product": {
                  "name": "SICK TDC-E Firmware \u003e=FW L4M 2022.4",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "TDC-E Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK LiDAR-LOC Firmware all versions",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "LiDAR-LOC Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK CODE-LOC Firmware all versions",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "CODE-LOC Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST-E all Firmware versions",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK AppEngine all Firmware versions",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK TDC-E \u003c=FW L4M 2022.3 with Firmware \u003c=FW L4M 2022.3",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK LiDAR-LOC all Firmware versions",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK CODE-LOC all Firmware versions",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0020"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3935",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In CodeMeter Runtime versions up to 7.60b, there is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to us. To exploit the heap overflow, additional protection mechanisms need to be broken. Remote access is only possible if CodeMeter is configured as a server. If CodeMeter is not configured as a server, the adversary would need to log in to the machine where the CodeMeter Runtime is running or trick the user into sending a malicious request to CodeMeter. This might result in an escalation of privilege.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Wibu-Systems Advisory",
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "If possible, run CodeMeter as client only. Otherwise, restrict access to the server to required clients only by implementing an access list.\nGeneral security best practices can help to protect systems from local and network attacks.",
          "product_ids": [
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Update to a codemeter runtime version \u003e=7.60c.\n",
          "product_ids": [
            "CSAFPID-0021"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Update to a codemeter runtime version \u003e=7.60c.\n\n*\tLinux x86: \n\n    * Stop running SICK AppEngine \n\n    * Uninstall Codemeter: sudo dpkg -r CodeMeter\n\n    * Download Codemeter \u003e= 7.60c \n\n    * Install Codemeter: sudo dpkg -i ./codemeter_7.xx.xxxx.xxx_amd64.deb\n\n    * Start SICK AppEngine \n\n*\tWindows:  \n\n    * Stop running SICK AppEngine  \n\n    * Uninstall Codemeter using Windows settings app \n\n    * Download Codemeter \u003e= 7.60c \n\n    * Install CodeMeterRuntime.exe \n\n    * Enter URL in browser: http://localhost:22352/configuration/server_access.html\n\n    * Configuration \u003e Server \u003e Server Access \n\n    * Check Network Server enabled \n\n    * Start SICK AppEngine",
          "product_ids": [
            "CSAFPID-0017"
          ],
          "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Update to a version \u003e= 2.4.1.",
          "product_ids": [
            "CSAFPID-0019",
            "CSAFPID-0020"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021"
          ]
        }
      ],
      "title": "Wibu-Systems CVE"
    }
  ]
}

