A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P
Vendors Products
Wibu
  • Codemeter
Siemens
  • Simatic Information Server
  • Simatic Wincc Oa
  • Pss Cape
  • Sinema Remote Connect Server
  • Simatic Pcs Neo
  • Simit Simulation Platform
  • Sicam 230 Firmware
  • Simatic Process Historian
  • Sinec Infrastructure Network Services
  • Sicam 230

Configuration 1 [-]

cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:sicam_230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_230:-:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:*
cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:*
References
Link Resource
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf Mitigation Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02 Third Party Advisory US Government Resource
https://www.tenable.com/security/research/tra-2021-24 Exploit Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2021-06-16T11:09:02

Updated: 2021-08-05T20:11:49

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20093

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-16T12:15:12.037

Modified: 2022-10-06T17:43:33.530

Link: CVE-2021-20093

JSON object: View

cve-icon Redhat Information

No data.

CWE