VDE-2023-030
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2023-09-19 06:50 - Updated: 2023-11-13 11:00
Summary
Phoenix Contact: Multiple products affected by WIBU Codemeter Vulnerability (Update A)
Notes
Summary: A vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple Phoenix Contact products.
Phoenix Contact devices using CodeMeter embedded are not affected by this vulnerability.
Update A, 2023-11-13
Removed CVE-2023-4701 because it was revoked.
Impact: An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server over the network without any user interaction.
Exploiting the vulnerability in WIBU CodeMeter Runtime in non-networked workstation mode could lead to privilege elevation and full administrative access on that workstation.
Mitigation: 1. Use general security best practices to protect systems from local and network attacks, as described in the application note AH EN INDUSTRIAL SECURITY.
2. Run CodeMeter as a client only and bind CodeMeter communication to localhost. With the binding on localhost, the vulnerable service can no longer be reached over a remote network connection. The network server is disabled by default. If the network server cannot be disabled, a host-based firewall that restricts network access to it is strongly recommended to reduce the risk.
3. The CmWAN server is disabled by default. Check whether CmWAN is enabled and disable the feature if it is not needed.
4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk from an unauthenticated attacker can be further reduced by using a host-based firewall that allows only the reverse proxy to reach the CmWAN port.
Remediation: PHOENIX CONTACT strongly recommends that affected users upgrade to CodeMeter V7.60c, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since CodeMeter V7.60c has not yet been incorporated into Phoenix Contact products, we strongly recommend downloading and installing the current CodeMeter version directly from the WIBU-SYSTEMS homepage.
Install Phoenix Contact Activation Wizard from version 1.7 when available. Please check the Phoenix Contact e-Shop regularly for your related software product.
CVE-2023-3935 (CWE-787: Out-of-bounds Write)
Vulnerability Description: A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
CVSS v3.1 base score: 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mitigation and Vendor Fix for CVE-2023-3935: identical to the Mitigation and Remediation notes above.
References: listed in the "references" section of the CSAF document below.
Acknowledgments: CERT@VDE (coordination), https://certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A Vulnerability in WIBU-SYSTEMS CodeMeter Runtime affects multiple\u00a0Phoenix Contact\u00a0products.\nPhoenix Contact devices using CodeMeter embedded are not affected by\u00a0this\u00a0vulnerability.\nUpdate A, 2023-11-13\nRemoved CVE-2023-4701 because it was revoked.",
"title": "Summary"
},
{
"category": "description",
"text": "An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction.\nExploiting the vulnerability in WIBU CodeMeter Runtime in non-networked workstation mode could lead to a privilege elevation and full admin access on this workstation.",
"title": "Impact"
},
{
"category": "description",
"text": "1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY.\n\n2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the network for reducing the risk is strongly recommended.\n\n3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.\n\n4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.",
"title": "Mitigation"
},
{
"category": "description",
"text": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V7.60c, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.60c has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nInstall Phoenix Contact Activation Wizard from version 1.7 when available.Please check the Phoenix Contact e-Shop for your related Software product regularly.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-030: Phoenix Contact: Multiple products affected by WIBU Codemeter Vulnerability (Update A) - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-030/"
},
{
"category": "self",
"summary": "VDE-2023-030: Phoenix Contact: Multiple products affected by WIBU Codemeter Vulnerability (Update A) - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-030.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "Phoenix Contact: Multiple products affected by WIBU Codemeter Vulnerability (Update A)",
"tracking": {
"aliases": [
"VDE-2023-030"
],
"current_release_date": "2023-11-13T11:00:00.000Z",
"generator": {
"date": "2025-04-10T09:18:47.042Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2023-030",
"initial_release_date": "2023-09-19T06:50:00.000Z",
"revision_history": [
{
"date": "2023-09-19T06:50:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2023-11-13T11:00:00.000Z",
"number": "2",
"summary": "Update A"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.7.0",
"product": {
"name": "E-Mobility Charging Suite \u003c=1.7.0",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"1153520"
]
}
}
}
],
"category": "product_name",
"name": "E-Mobility Charging Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.0",
"product": {
"name": "FL Network Manager \u003c=7.0",
"product_id": "CSAFPID-51002",
"product_identification_helper": {
"model_numbers": [
"2702889"
]
}
}
}
],
"category": "product_name",
"name": "FL Network Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.7.0",
"product": {
"name": "IOL Conf \u003c=1.7.0",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"1083065"
]
}
}
}
],
"category": "product_name",
"name": "IOL Conf"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.2.0 BETA",
"product": {
"name": "MTP DESIGNER \u003c=1.2.0 BETA",
"product_id": "CSAFPID-51004",
"product_identification_helper": {
"model_numbers": [
"1636198"
]
}
}
}
],
"category": "product_name",
"name": "MTP DESIGNER"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.2.0 BETA",
"product": {
"name": "MTP DESIGNER TRIAL \u003c=1.2.0 BETA",
"product_id": "CSAFPID-51005",
"product_identification_helper": {
"model_numbers": [
"1636200"
]
}
}
}
],
"category": "product_name",
"name": "MTP DESIGNER TRIAL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.6",
"product": {
"name": "PHOENIX CONTACT Activation Wizard \u003c=1.6",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_version",
"name": "1.7",
"product": {
"name": "Activation Wizard 1.7",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "PHOENIX CONTACT Activation Wizard"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.6",
"product": {
"name": "PHOENIX CONTACT Activation Wizard in MORYX Software Platform \u003c=1.6",
"product_id": "CSAFPID-51007",
"product_identification_helper": {
"model_numbers": [
"1550589"
]
}
}
},
{
"category": "product_version",
"name": "1.7",
"product": {
"name": "PHOENIX CONTACT Activation Wizard in MORYX Software Platform 1.7",
"product_id": "CSAFPID-52001",
"product_identification_helper": {
"model_numbers": [
"1550589"
]
}
}
}
],
"category": "product_name",
"name": "PHOENIX CONTACT Activation Wizard in MORYX Software Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2023.6",
"product": {
"name": "PLCnext Engineer \u003c=2023.6",
"product_id": "CSAFPID-51008",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
}
],
"category": "product_name",
"name": "PLCnext Engineer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2023.6",
"product": {
"name": "PLCnext Engineer EDU LIC \u003c=2023.6",
"product_id": "CSAFPID-51009",
"product_identification_helper": {
"model_numbers": [
"1165889"
]
}
}
}
],
"category": "product_name",
"name": "PLCnext Engineer EDU LIC"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"summary": "Fixed products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks like described in the application node AH EN INDUSTRIAL SECURITY.\n\n2. Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost an attack is no longer possible via remote network connection. The network server is disabled by default. If it is not possible to disable the network server, using a host-based firewall to restrict access to the network for reducing the risk is strongly recommended.\n\n3. The CmWAN server is disabled by default. Please check if CmWAN is enabled and disable the feature if it is not needed.\n\n4. Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated users. The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the reverse proxy to access the CmWAN port.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT strongly recommends affected users to upgrade to CodeMeter V7.60c, which fixes these vulnerabilities. WIBU-SYSTEMS has already published this update for CodeMeter on their homepage. Since this current version of CodeMeter V7.60c has not yet been incorporated into Phoenix Contact products, we strongly recommend to download and install the current CodeMeter version directly from the WIBU-SYSTEMS homepage.\n\nInstall Phoenix Contact Activation Wizard from version 1.7 when available.Please check the Phoenix Contact e-Shop for your related Software product regularly.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
]
}
],
"title": "CVE-2023-3935"
}
]
}