Vulnerability-Lookup

VDE-2023-031

Vulnerability from csaf_trumpfsecokg - Published: 2023-09-13 10:00 - Updated: 2023-11-13 11:00

Summary

Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability

Notes

Summary: The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60b) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This CodeMeter application contains new vulnerabilities, which may enable an attacker to gain full access to the server or workstation on which the TRUMPF License Expert has been installed on. A new version of the TRUMPF License Expert which fixes this vulnerability is available.Machines with a running and correctly installed mGuard hardware firewall cannot be exploited by this vulnerability if used as intended (according to the manual). Update A, 2023-11-13 Removed CVE-2023-4701 because it was revoked.

Impact: An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction. Exploiting the vulnerability in WIBU CodeMeter Runtime in non-networked workstation mode could lead to a privilege elevation and full access on this workstation for an already authenticated user (logged in locally to the PC).

Mitigation: Implement general security best practices like network segmentation, endpoint protection and system hardening. Restrict network access to the TRUMPF License Expert server component to required clients only by using firewalls or other suitable products.

Remediation: Get the latest version of the TRUMPF License Expert software (>= V2.0.0) at trumpf.com/de_DE/produkte/software/software-lizenzierung and install it on all affected servers and workstations.

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Mitigation Implement general security best practices like network segmentation, endpoint protection and system hardening. Restrict network access to the TRUMPF License Expert server component to required clients only by using firewalls or other suitable products.

Vendor Fix Get the latest version of the TRUMPF License Expert software (>= V2.0.0) at trumpf.com/de_DE/produkte/software/software-lizenzierung and install it on all affected servers and workstations.

References

URL

Category

	https://certvde.com/en/advisories/VDE-2023-031/	self
	https://trumpf.csaf-tp.certvde.com/.well-known/cs…	self
	https://www.trumpf.com	external
	https://certvde.com/en/advisories/vendor/trumpf/	external

Acknowledgments

CERT@VDE certvde.com

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60b) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This CodeMeter application contains new vulnerabilities, which may enable an attacker to gain full access to the server or workstation on which the TRUMPF License Expert has been installed on. A new version of the TRUMPF License Expert which fixes this vulnerability is available.Machines with a running and correctly installed mGuard hardware firewall cannot be exploited by this vulnerability if used as intended (according to the manual).\n\nUpdate A, 2023-11-13\nRemoved CVE-2023-4701 because it was revoked.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction.\nExploiting the vulnerability in WIBU CodeMeter Runtime in non-networked workstation mode could lead to a privilege elevation and full access on this workstation for an already authenticated user (logged in locally to the PC).",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Implement general security best practices like network segmentation, endpoint protection and system hardening.\nRestrict network access to the TRUMPF License Expert server component to required clients only by using firewalls or other suitable products.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Get the latest version of the TRUMPF License Expert software (\u003e= V2.0.0)\u00a0at\u00a0trumpf.com/de_DE/produkte/software/software-lizenzierung\u00a0and install it on all affected servers and workstations.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "product.security@trumpf.com",
      "name": "Trumpf SE + Co. KG",
      "namespace": "https://www.trumpf.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-031: Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-031/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-031: Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability - CSAF",
        "url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-031.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.trumpf.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Trumpf SE + Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/trumpf/"
      }
    ],
    "title": "Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2023-031"
      ],
      "current_release_date": "2023-11-13T11:00:00.000Z",
      "generator": {
        "date": "2025-05-14T13:50:48.706Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "VDE-2023-031",
      "initial_release_date": "2023-09-13T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-09-13T10:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2023-11-13T11:00:00.000Z",
          "number": "2",
          "summary": "Update A"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V1.0\u003c=V1.3",
                    "product": {
                      "name": "MonitoringAnalyzer V1.0\u003c=V1.3",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "MonitoringAnalyzer"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V1.0.0\u003c=V3.0.22",
                    "product": {
                      "name": "Oseon V1.0.0\u003c=V3.0.22",
                      "product_id": "CSAFPID-51002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Oseon"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V1.0.1\u003c=V4.6.3",
                    "product": {
                      "name": "ProgrammingTube V1.0.1\u003c=V4.6.3",
                      "product_id": "CSAFPID-51003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "ProgrammingTube"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V18.02.R8\u003c=V23.06.01",
                    "product": {
                      "name": "TecZoneBend V18.02.R8\u003c=V23.06.01",
                      "product_id": "CSAFPID-51004"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TecZoneBend"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V14.00\u003c=V22.00.00",
                    "product": {
                      "name": "ToPsCalculation V14.00\u003c=V22.00.00",
                      "product_id": "CSAFPID-51005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "ToPsCalculation"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "V05.03.00.00",
                    "product": {
                      "name": "Tops Unfold V05.03.00.00",
                      "product_id": "CSAFPID-51006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Tops Unfold"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V1.5.2\u003c=V1.11.1",
                    "product": {
                      "name": "TrumpfLicenseExpert V1.5.2\u003c=V1.11.1",
                      "product_id": "CSAFPID-51007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TrumpfLicenseExpert"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V08.00\u003c=V12.01.00.00",
                    "product": {
                      "name": "TruTops V08.00\u003c=V12.01.00.00",
                      "product_id": "CSAFPID-51008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V06.00.23.00\u003c=V16.0.22",
                    "product": {
                      "name": "TruTopsBoost V06.00.23.00\u003c=V16.0.22",
                      "product_id": "CSAFPID-51009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsBoost"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=V09.09.02",
                    "product": {
                      "name": "TruTops Cell Classic \u003c=V09.09.02",
                      "product_id": "CSAFPID-510010"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Cell Classic"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V01.00\u003c=V02.26.0",
                    "product": {
                      "name": "TruTops Cell SW48 V01.00\u003c=V02.26.0",
                      "product_id": "CSAFPID-510011"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Cell SW48"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V15.00.23.00\u003c=V22.8.25",
                    "product": {
                      "name": "TruTopsFab (inkl.TruTops Monitor) V15.00.23.00\u003c=V22.8.25",
                      "product_id": "CSAFPID-510012"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsFab (inkl.TruTops Monitor)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V14.06.20\u003c=V20.04.20.00",
                    "product": {
                      "name": "TruTopsFab_Storage_SmallStore V14.06.20\u003c=V20.04.20.00",
                      "product_id": "CSAFPID-510013"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsFab_Storage_SmallStore"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V01.00\u003c=V06.01",
                    "product": {
                      "name": "TruTops Mark 3D V01.00\u003c=V06.01",
                      "product_id": "CSAFPID-510014"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTops Mark 3D"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V00.06.00\u003c=V01.00",
                    "product": {
                      "name": "TruTopsPrint V00.06.00\u003c=V01.00",
                      "product_id": "CSAFPID-510015"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsPrint"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003e=V01.02",
                    "product": {
                      "name": "TruTopsPrintMultilaserAssistant \u003e=V01.02",
                      "product_id": "CSAFPID-510016"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsPrintMultilaserAssistant"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V7.0.198.241\u003c=V9.0.28148.1",
                    "product": {
                      "name": "TruTopsWeld V7.0.198.241\u003c=V9.0.28148.1",
                      "product_id": "CSAFPID-510017"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruTopsWeld"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "V08.00\u003c=V14.06.150",
                    "product": {
                      "name": "TubeDesign V08.00\u003c=V14.06.150",
                      "product_id": "CSAFPID-510018"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TubeDesign"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Trumpf"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-510010",
          "CSAFPID-510011",
          "CSAFPID-510012",
          "CSAFPID-510013",
          "CSAFPID-510014",
          "CSAFPID-510015",
          "CSAFPID-510016",
          "CSAFPID-510017",
          "CSAFPID-510018"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-3935",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002",
          "CSAFPID-51003",
          "CSAFPID-51004",
          "CSAFPID-51005",
          "CSAFPID-51006",
          "CSAFPID-51007",
          "CSAFPID-51008",
          "CSAFPID-51009",
          "CSAFPID-510010",
          "CSAFPID-510011",
          "CSAFPID-510012",
          "CSAFPID-510013",
          "CSAFPID-510014",
          "CSAFPID-510015",
          "CSAFPID-510016",
          "CSAFPID-510017",
          "CSAFPID-510018"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Implement general security best practices like network segmentation, endpoint protection and system hardening.\nRestrict network access to the TRUMPF License Expert server component to required clients only by using firewalls or other suitable products.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Get the latest version of the TRUMPF License Expert software (\u003e= V2.0.0)\u00a0at\u00a0trumpf.com/de_DE/produkte/software/software-lizenzierung\u00a0and install it on all affected servers and workstations.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002",
            "CSAFPID-51003",
            "CSAFPID-51004",
            "CSAFPID-51005",
            "CSAFPID-51006",
            "CSAFPID-51007",
            "CSAFPID-51008",
            "CSAFPID-51009",
            "CSAFPID-510010",
            "CSAFPID-510011",
            "CSAFPID-510012",
            "CSAFPID-510013",
            "CSAFPID-510014",
            "CSAFPID-510015",
            "CSAFPID-510016",
            "CSAFPID-510017",
            "CSAFPID-510018"
          ]
        }
      ],
      "title": "CVE-2023-3935"
    }
  ]
}

BDU:2023-05843

Vulnerability from fstec - Published: 30.08.2023

Title

Уязвимость микропрограммного обеспечения для управления и мониторинга потребления воздуха в пневматических системах Festo MSE6-C2M, MSE6-D2M и MSE6-E2M, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость микропрограммного обеспечения для управления и мониторинга потребления воздуха в пневматических системах Festo MSE6-C2M, MSE6-D2M и MSE6-E2M связана с наличием недокументированных команд конфигурации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Festo SE & Co. KG

Software Name

MSE6-C2M-5000-FB36-DM-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-DM-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-DM-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-DM-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR- VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD

Software Version

- (MSE6-C2M-5000-FB36-DM-RG-BAR-M12L4-AGD), - (MSE6-C2M-5000-FB36-DM-RG-BAR-M12L5-AGD), - (MSE6-C2M-5000-FB43-DM-RG-BAR-M12L4-MQ1-AGD), - (MSE6-C2M-5000-FB43-DM-RG-BAR-M12L5-MQ1-AGD), - (MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD), - (MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD), - (MSE6-D2M-5000-CBUS-S-RG-BAR- VCB-AGD), - (MSE6-E2M-5000-FB13-AGD), - (MSE6-E2M-5000-FB36-AGD), - (MSE6-E2M-5000-FB37-AGD), - (MSE6-E2M-5000-FB43-AGD), - (MSE6-E2M-5000-FB44-AGD)

Possible Mitigations

Компенсирующие меры: - использование антивирусных средств защиты; - мониторинг действий пользователей; - запуск приложений от имени пользователя с минимальными возможными привилегиями в операционной системе; - отключение неиспользуемых учетных записей, а также учетных записей недоверенных пользователей; - применение систем обнаружения и предотвращения вторжений.

Reference

https://cert.vde.com/en/advisories/VDE-2023-020/

CWE

CWE-912

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Festo SE \u0026 Co. KG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (MSE6-C2M-5000-FB36-DM-RG-BAR-M12L4-AGD), - (MSE6-C2M-5000-FB36-DM-RG-BAR-M12L5-AGD), - (MSE6-C2M-5000-FB43-DM-RG-BAR-M12L4-MQ1-AGD), - (MSE6-C2M-5000-FB43-DM-RG-BAR-M12L5-MQ1-AGD), - (MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD), - (MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD), - (MSE6-D2M-5000-CBUS-S-RG-BAR- VCB-AGD), - (MSE6-E2M-5000-FB13-AGD), - (MSE6-E2M-5000-FB36-AGD), - (MSE6-E2M-5000-FB37-AGD), - (MSE6-E2M-5000-FB43-AGD), - (MSE6-E2M-5000-FB44-AGD)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b;\n- \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.08.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05843",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-3634, VDE-2023-031",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MSE6-C2M-5000-FB36-DM-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-DM-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-DM-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-DM-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR- VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u0434\u0443\u0445\u0430 \u0432 \u043f\u043d\u0435\u0432\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Festo MSE6-C2M, MSE6-D2M \u0438 MSE6-E2M, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0421\u043a\u0440\u044b\u0442\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 (CWE-912)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u0434\u0443\u0445\u0430 \u0432 \u043f\u043d\u0435\u0432\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Festo MSE6-C2M, MSE6-D2M \u0438 MSE6-E2M \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0430\u043b\u0438\u0447\u0438\u0435\u043c \u043d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert.vde.com/en/advisories/VDE-2023-020/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-912",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2023-3935 (GCVE-0-2023-3935)

Vulnerability from cvelistv5 – Published: 2023-09-13 13:19 – Updated: 2025-08-27 20:32

Title

Wibu: Buffer Overflow in CodeMeter Runtime

Summary

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

CERTVDE

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2023-031

BDU:2023-05843

CVE-2023-3935 (GCVE-0-2023-3935)

Tags

Sightings

Nomenclature