VDE-2023-033
Vulnerability from csaf_pilzgmbhcokg - Published: 2023-10-12 06:00 - Updated: 2025-05-22 13:03
Summary
Pilz: WIBU Vulnerability in multiple Products
Notes
Summary: Several Pilz products use the 3rd party component "CodeMeter Runtime" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.
Update A, 2023-12-05:
- Changed affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1".
- Removed CVE-2023-4701 because it was revoked.
Impact: When running WIBU CodeMeter Runtime in non-server mode, a local user may grant themselves improper elevated privileges. When running in server mode, a remote attacker may gain full control over the system. By default, the CodeMeter Runtime is running in non-server mode.
Remediation: PAS4000, PASvisu, PIT User Authentication Service, PNOZsigma Configurator, PMIv8: Install the fixed version as soon as it is available. Please visit the Pilz eShop (https://www.pilz.com/en-INT/eshop) to check for the fixed version.
PASloto, Live Video Server, SafetyEYE Configurator, PMC programming tool: These products are end-of-life; please follow the general countermeasures.
General Countermeasures:
- Download and install CodeMeter Runtime version 7.60c or later from WIBU-SYSTEM's website https://www.wibu.com/de/support.html
- When CodeMeter Runtime is used in server mode, restrict access on the network level by using a firewall or comparable measures.
- Restrict local access to authorized users only on the system running the CodeMeter Runtime.
- Also deploy strong hardening measures and endpoint protection solutions.
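The countermeasures above turn on two version checks: whether an installed Pilz product falls inside one of the advisory's affected ranges, and whether the CodeMeter Runtime on the host is already at the fixed release 7.60c or later. The following is an added example (not code from Pilz, WIBU-SYSTEMS or CERT@VDE) that evaluates the product_version_range expressions exactly as they appear in this advisory's product_tree and compares WIBU-style lettered runtime versions. The function names, the inventory dict and the sample versions are constructed for illustration; the ordering of the letter revision ("7.60" < "7.60b" < "7.60c") is an assumption drawn from the 7.60b/7.60c numbering used in the advisory.

```python
"""Affected-version check for VDE-2023-033 (CVE-2023-3935), added example.

Two checks are implemented:
  * is_affected()            - evaluate a CSAF product_version_range expression
  * codemeter_runtime_fixed() - is the installed WIBU CodeMeter Runtime >= 7.60c
"""
import re
from typing import Dict, List, Optional, Tuple

# product_version_range names copied from the advisory's product_tree
AFFECTED_RANGES: Dict[str, str] = {
    "PASloto": "<=1.1.3",
    "PMC programming tool 3.x.x": "3.0.0<=3.5.18.2",
    "PMI v8xx": "<=2.0.33992",
    "PNOZsigma Configurator": "<1.5.0",
    "Software Live Video Server": "<=1.1.0",
    "Software PAS4000": "<1.26.0",
    "Software PASvisu": "<1.14.1",
    "Software PIT User Authentication Service": "<1.1.2",
    "Software SafetyEYE Configurator": "3.0.0<=3.0.1",
}

FIXED_CODEMETER = "7.60c"  # fixed runtime release named in the general countermeasures


def numeric_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into an int tuple: '1.14.1' -> (1, 14, 1)."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in v.split("."))


def _pad(t: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so 1.1 compares equal to 1.1.0."""
    return t + (0,) * (width - len(t))


def is_affected(range_expr: str, installed: str) -> bool:
    """Evaluate a CSAF product_version_range expression against an installed version.

    The advisory uses two shapes:
      '<1.14.1' or '<=1.1.3'   -> no lower bound, upper bound exclusive/inclusive
      '3.0.0<=3.5.18.2'        -> inclusive lower bound, inclusive upper bound
    """
    m = re.fullmatch(r"(?:(\d+(?:\.\d+)*))?(<=|<)(\d+(?:\.\d+)*)", range_expr.replace(" ", ""))
    if not m:
        raise ValueError(f"unsupported range expression: {range_expr!r}")
    lower, op, upper = m.groups()
    inst, hi = numeric_version(installed), numeric_version(upper)
    lo: Optional[Tuple[int, ...]] = numeric_version(lower) if lower else None
    width = max(len(inst), len(hi), len(lo) if lo else 0)
    inst, hi = _pad(inst, width), _pad(hi, width)
    if lo is not None and inst < _pad(lo, width):
        return False  # below the explicit lower bound of the range
    return inst <= hi if op == "<=" else inst < hi


def codemeter_version_key(v: str) -> Tuple[int, int, int]:
    """Sort key for WIBU-style versions such as '7.60c'.

    Assumption: an optional trailing letter is a revision that sorts after the
    bare number ('7.60' < '7.60a' < '7.60b' < '7.60c').
    """
    m = re.fullmatch(r"(\d+)\.(\d+)([a-z]?)", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised CodeMeter version: {v!r}")
    major, minor, rev = m.groups()
    return int(major), int(minor), (ord(rev) - ord("a") + 1) if rev else 0


def codemeter_runtime_fixed(installed: str) -> bool:
    """True when the installed runtime is 7.60c or later."""
    return codemeter_version_key(installed) >= codemeter_version_key(FIXED_CODEMETER)


def affected_products(inventory: Dict[str, str]) -> List[str]:
    """Names of inventoried products whose version lies in an affected range.

    Products not listed in the advisory are ignored.
    """
    return [
        name for name, ver in inventory.items()
        if name in AFFECTED_RANGES and is_affected(AFFECTED_RANGES[name], ver)
    ]


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real host
    inventory = {
        "Software PASvisu": "1.14.0",            # below the fixed 1.14.1 -> affected
        "Software PAS4000": "1.26.0",            # at the fixed version -> not affected
        "PMC programming tool 3.x.x": "2.9.0",   # below the 3.0.0 lower bound -> not in range
    }
    print("affected:", affected_products(inventory))
    print("runtime 7.60b fixed:", codemeter_runtime_fixed("7.60b"))
```

Feed `affected_products()` the product names as spelled in the advisory's product_tree; a name that does not match is silently skipped, so normalise inventory names before relying on an empty result.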
CVE-2023-3935 (CWE-787, Out-of-bounds Write): A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
CVSS v3.1 base score: 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Fix
PAS4000, PASvisu, PIT User Authentication Service, PNOZsigma Configurator, PMIv8: Install the fixed version as soon as it is available. Please visit the Pilz eShop (https://www.pilz.com/en-INT/eshop) to check for the fixed version.
PASloto, Live Video Server, SafetyEYE Configurator, PMC programming tool: These products are end-of-life; please follow the general countermeasures.
References: listed in the CSAF document below.
Acknowledgments: CERT@VDE (coordination), https://certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several Pilz products use the 3rd party component \"CodeMeter Runtime\" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability, which may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.\n\nUpdate A, 2023-12-05\n\nchanged affected version of \"Software PASvisu \u003c 1.15.0\" to \"Software PASvisu \u003c 1.14.1\"\nremoved CVE-2023-4701 because it was revoked.",
"title": "Summary"
},
{
"category": "description",
"text": "When running WIBU CodeMeter Runtime in non-server mode, a local user may grant themselves improper elevated privileges. When running in server mode, a remote attacker may gain full control over the system. By default, the CodeMeter Runtime is running in non-server mode.",
"title": "Impact"
},
{
"category": "description",
"text": "PAS4000, PASvisu, PIT User Authentication Service, PNOZsigma Configurator, PMIv8: Installthe fixed version as soon as it is available. Please visit the Pilz eShop(https://www.pilz.com/en-INT/eshop) to check for the fixed version.\nPASloto, Live Video Server, SafetyEYE Configurator, PMC programming tool: These productsare end-of-live, please follow the general countermeasures.",
"title": "Remediation"
},
{
"category": "general",
"text": "- Download and install CodeMeter Runtime version 7.60c or later from WIBU-SYSTEM\u0027s website https://www.wibu.com/de/support.html\n\n- When CodeMeter Runtime is used in server mode, restrict access on the network-level by using a firewall or comparable measures.\n\n- Restrict local access to authorized users only on the system running the CodeMeter runtime.\n\n- Also deploy strong hardening measures and endpoint protection solutions.",
"title": "General Countermeasures"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-033: Pilz: WIBU Vulnerabilitiy in multiple Products - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-033/"
},
{
"category": "self",
"summary": "VDE-2023-033: Pilz: WIBU Vulnerabilitiy in multiple Products - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-033.json"
},
{
"category": "external",
"summary": "Pilz PSIRT",
"url": "https://www.pilz.com/en-INT/products/industrial-security/security-incident-management"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz/"
}
],
"title": "Pilz: WIBU Vulnerabilitiy in multiple Products",
"tracking": {
"aliases": [
"VDE-2023-033"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-05-05T12:05:40.075Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2023-033",
"initial_release_date": "2023-10-12T06:00:00.000Z",
"revision_history": [
{
"date": "2023-10-12T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2023-12-05T11:00:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.3",
"product": {
"name": "PASloto \u003c= 1.1.3",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "PASloto"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.5.18.2",
"product": {
"name": "PMC programming tool 3.x.x 3.0.0 \u003c= 3.5.18.2",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "PMC programming tool 3.x.x"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.33992",
"product": {
"name": "PMI v8xx \u003c= 2.0.33992",
"product_id": "CSAFPID-51003",
"product_identification_helper": {
"model_numbers": [
"266807, 266812, 266815"
]
}
}
}
],
"category": "product_name",
"name": "PMI v8xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.5.0",
"product": {
"name": "PNOZsigma Configurator \u003c 1.5.0",
"product_id": "CSAFPID-51004"
}
}
],
"category": "product_name",
"name": "PNOZsigma Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.0",
"product": {
"name": "Software Live Video Server \u003c= 1.1.0",
"product_id": "CSAFPID-51005"
}
}
],
"category": "product_name",
"name": "Software Live Video Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.26.0",
"product": {
"name": "Software PAS4000 \u003c 1.26.0",
"product_id": "CSAFPID-51006"
}
}
],
"category": "product_name",
"name": "Software PAS4000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.14.1",
"product": {
"name": "Software PASvisu \u003c 1.14.1",
"product_id": "CSAFPID-51007"
}
}
],
"category": "product_name",
"name": "Software PASvisu"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.1.2",
"product": {
"name": "Software PIT User Authentication Service \u003c 1.1.2",
"product_id": "CSAFPID-51008"
}
}
],
"category": "product_name",
"name": "Software PIT User Authentication Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.0.1",
"product": {
"name": "Software SafetyEYE Configurator 3.0.0\u003c= 3.0.1",
"product_id": "CSAFPID-51009"
}
}
],
"category": "product_name",
"name": "Software SafetyEYE Configurator"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Pilz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3935",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PAS4000, PASvisu, PIT User Authentication Service, PNOZsigma Configurator, PMIv8: Installthe fixed version as soon as it is available. Please visit the Pilz eShop(https://www.pilz.com/en-INT/eshop) to check for the fixed version.\nPASloto, Live Video Server, SafetyEYE Configurator, PMC programming tool: These productsare end-of-live, please follow the general countermeasures.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009"
]
}
],
"title": "CVE-2023-3935"
}
]
}