var-202309-0673
Vulnerability from variot

A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0673",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "trutopsboost",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "06.00.23.00"
      },
      {
        "model": "teczonebend",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "18.02.r8"
      },
      {
        "model": "trutops cell sw48",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "02.26.0"
      },
      {
        "model": "topscalculation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "14.00"
      },
      {
        "model": "trutops cell classic",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "09.09.02"
      },
      {
        "model": "teczonebend",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "23.06.01"
      },
      {
        "model": "trutops cell sw48",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "01.00"
      },
      {
        "model": "trumpflicenseexpert",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "1.5.2"
      },
      {
        "model": "trutopsfab storage smallstore",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "20.04.20.00"
      },
      {
        "model": "programmingtube",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "4.6.3"
      },
      {
        "model": "trutopsprintmultilaserassistant",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "01.02"
      },
      {
        "model": "trutopsfab storage smallstore",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "14.06.20"
      },
      {
        "model": "trutopsweld",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "7.0.198.241"
      },
      {
        "model": "trutopsprint",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "00.06.00"
      },
      {
        "model": "oseon",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "3.0.22"
      },
      {
        "model": "programmingtube",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "1.0.1"
      },
      {
        "model": "tubedesign",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "14.06.150"
      },
      {
        "model": "oseon",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "1.0.0"
      },
      {
        "model": "topscalculation",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "22.00.00"
      },
      {
        "model": "trutops",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "08.00"
      },
      {
        "model": "trutopsprint",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "01.00"
      },
      {
        "model": "trutops mark 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "01.00"
      },
      {
        "model": "trutopsboost",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "16.0.22"
      },
      {
        "model": "trutops",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "12.01.00.00"
      },
      {
        "model": "trumpflicenseexpert",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "1.11.1"
      },
      {
        "model": "codemeter runtime",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "wibu",
        "version": "7.60c"
      },
      {
        "model": "trutopsfab",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "22.8.25"
      },
      {
        "model": "tubedesign",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "08.00"
      },
      {
        "model": "trutops mark 3d",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "06.01"
      },
      {
        "model": "tops unfold",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "05.03.00.00"
      },
      {
        "model": "trutopsfab",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "15.00.23.00"
      },
      {
        "model": "trutopsweld",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trumpf",
        "version": "9.0.28148.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.60c",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.06.150",
                "versionStartIncluding": "08.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.28148.1",
                "versionStartIncluding": "7.0.198.241",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionStartIncluding": "01.02",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "01.00",
                "versionStartIncluding": "00.06.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "06.01",
                "versionStartIncluding": "01.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.04.20.00",
                "versionStartIncluding": "14.06.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "22.8.25",
                "versionStartIncluding": "15.00.23.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "02.26.0",
                "versionStartIncluding": "01.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "09.09.02",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.0.22",
                "versionStartIncluding": "06.00.23.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.01.00.00",
                "versionStartIncluding": "08.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.11.1",
                "versionStartIncluding": "1.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "22.00.00",
                "versionStartIncluding": "14.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "23.06.01",
                "versionStartIncluding": "18.02.r8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.6.3",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.22",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "cve": "CVE-2023-4701",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2023-4701",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-4701",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-4701"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT@VDE",
        "id": "VDE-2023-031",
        "trust": 1.1
      },
      {
        "db": "NVD",
        "id": "CVE-2023-4701",
        "trust": 1.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2023-030",
        "trust": 1.0
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-4701",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-4701"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "id": "VAR-202309-0673",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.45604396
  },
  "last_update_date": "2023-09-21T22:24:54.724000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/advisorywibu-230704-01-v3.0.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert.vde.com/en/advisories/vde-2023-031/"
      },
      {
        "trust": 1.0,
        "url": "https://cert.vde.com/en/advisories/vde-2023-030/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-4701"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-4701"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-4701"
      },
      {
        "date": "2023-09-13T14:15:00",
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-4701"
      },
      {
        "date": "2023-09-19T08:15:00",
        "db": "NVD",
        "id": "CVE-2023-4701"
      }
    ]
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.