CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Published: Sep 13, 2023
Updated: Sep 15, 2023
CVE: CVE-2023-3935
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
wibu / codemeter_runtime	-	7.60c
trumpf / tubedesign	08.00	14.06.150.x
trumpf / trutopsweld	7.0.198.241	9.0.28148.1.x
trumpf / trutopsprintmultilaserassistant	01.02	01.02.x
trumpf / trutopsprint	00.06.00	01.00.x
trumpf / trutops_mark_3d	01.00	06.01.x
trumpf / trutopsfab_storage_smallstore	14.06.20	20.04.20.00.x
trumpf / trutopsfab	15.00.23.00	22.8.25.x
trumpf / trutops_cell_sw48	01.00	02.26.0.x
trumpf / trutops_cell_classic	-	09.09.02.x
trumpf / trutopsboost	06.00.23.00	16.0.22.x
trumpf / trutops	08.00	12.01.00.00.x
trumpf / trumpflicenseexpert	1.5.2	1.11.1.x
trumpf / topscalculation	14.00	22.00.00.x
trumpf / teczonebend	18.02.r8	23.06.01.x
trumpf / tops_unfold	05.03.00.00	05.03.00.00.x
trumpf / programmingtube	1.0.1	4.6.3.x
trumpf / oseon	1.0.0	3.0.22.x
phoenixcontact / module_type_package_designer	1.2.0-beta	1.2.0-beta.x
phoenixcontact / module_type_package_designer	-	1.2.0
phoenixcontact / activation_wizard	-	1.6.x
phoenixcontact / plcnext_engineer	-	2023.6.x
phoenixcontact / iol-conf	-	1.7.0.x
phoenixcontact / fl_network_manager	-	7.0.x
phoenixcontact / e-mobility_charging_suite	-	1.7.0.x

Vulnerability Database

CVE-2023-3935

Deep Security Visibility Without the Complexity