CVE-2020-16233
Published 2020-09-16
CVE-2020-16233: An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
Priority P344 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.84% (76.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wibu | codemeter | < 7.10 | 7.10 |
| wibu | codemeter | — | — |
CVSS provenance
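| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |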
GHSA
GHSA-8xr9-2r57-gg3h: An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7
ghsa_unreviewed·2022-05-24
CVE-2020-16233 [HIGH] GHSA-8xr9-2r57-gg3h: An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
CISA ICS
CODESYS in Festo Automation Suite
cisa_ics·2026-03-17
CODESYS in Festo Automation Suite
ICS Advisory
## CODESYS in Festo Automation Suite
Release Date: March 17, 2026
Alert Code: ICSA-26-076-01
## Summary
3. TECHNICAL DETAILS
The following versions of CODESYS in Festo Automation Suite are affected:
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.5.16.10) vers:all/*
- FESTO Software Festo Automation Suite (2.8.0.137) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation
CISA ICS
Wibu-Systems CodeMeter (Update F)
cisa_ics·2021-02-11·CVSS 9.8
[CRITICAL] Wibu-Systems CodeMeter (Update F)
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Wibu-Systems CodeMeter (Update F)
Last Revised: March 10, 2022
Alert Code: ICSA-20-203-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Wibu-Systems AG
- Equipment: CodeMeter
- Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Sys
No detection rules found.
No public exploits indexed.
Tenable
A Practical Way To Reduce Risk on the Shop Floor
blogs_tenable·2023-06-27
Tenable
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
blogs_tenable·2020-09-29
Wiz
CVE-2020-37017 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2020-37017 [HIGH] CVE-2020-37017 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-37017: Wibu-Systems CodeMeter vulnerability analysis and mitigation
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
Source: NVD
Score: 8.5
Published: January 29, 2026
Severity: HIGH
CNA Score: 8.5
Affected Technologies: Wibu-Systems CodeMeter
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 3.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries
cpe:2.3:a:wibu:codemeter
Sources
NVD
Wind
2020-09-16
Published