CVE-2020-14509
published 2020-09-16CVE-2020-14509: Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An…
PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.03%
78.6th percentile
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wibu | codemeter | < 7.10 | 7.10 |
| wibu | codemeter | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w97r-xg4x-xx2r: Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7
ghsa_unreviewed·2022-05-24
CVE-2020-14509 [CRITICAL] GHSA-w97r-xg4x-xx2r: Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
CISA ICS
CODESYS in Festo Automation Suite
cisa_ics·2026-03-17
CODESYS in Festo Automation Suite
ICS Advisory
##
CODESYS in Festo Automation Suite
Release DateMarch 17, 2026
Alert CodeICSA-26-076-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
3. TECHNICAL DETAILS
The following versions of CODESYS in Festo Automation Suite are affected:
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.5.16.10) vers:all/*
- FESTO Software Festo Automation Suite (2.8.0.137) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation
CISA ICS
Wibu-Systems CodeMeter (Update F)
cisa_ics·2021-02-11·CVSS 9.8
[CRITICAL] Wibu-Systems CodeMeter (Update F)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Wibu-Systems CodeMeter (Update F)
Last RevisedMarch 10, 2022
Alert CodeICSA-20-203-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Wibu-Systems AG
- Equipment: CodeMeter
- Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Sys
No detection rules found.
No public exploits indexed.
2020-09-16
Published