CVE-2020-14517
Published 2020-09-16
CVE-2020-14517: Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is…
Priority P3 · 52 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.67% (47.1th percentile)
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wibu | codemeter | < 6.90 | 6.90 |
| wibu | codemeter | — | — |
CVSS provenance
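| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |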
CISA ICS
CODESYS in Festo Automation Suite
cisa_ics·2026-03-17
ICS Advisory
Release Date: March 17, 2026
Alert Code: ICSA-26-076-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
3. TECHNICAL DETAILS
The following versions of CODESYS in Festo Automation Suite are affected:
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.5.16.10) vers:all/*
- FESTO Software Festo Automation Suite (2.8.0.137) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation
CISA ICS
Wibu-Systems CodeMeter (Update F)
cisa_ics·2021-02-11·CVSS 9.8
[CRITICAL] Wibu-Systems CodeMeter (Update F)
ICS Advisory
Last Revised: March 10, 2022
Alert Code: ICSA-20-203-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Wibu-Systems AG
- Equipment: CodeMeter
- Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Sys
GHSA
GHSA-hqvx-g6jw-22pw: Protocol encryption can be easily broken for CodeMeter (All versions prior to 6
ghsa_unreviewed·2022-05-24
CVE-2020-14517 [CRITICAL] CWE-327 GHSA-hqvx-g6jw-22pw: Protocol encryption can be easily broken for CodeMeter (All versions prior to 6
No detection rules found.
No public exploits indexed.
Published: 2020-09-16