CVE-2021-20093

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

9.1CRITICAL

EPSS

8.2%

top 7.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS NEO Siemens Simatic Process Historian Siemens Simit Simulation Platform +5 more

Timeline

PublishedJun 16

Latest updateMay 24

Description

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages9 packages

▶CVEListV5wibu-systems_codemeter< 7.21a

▶NVDwibu/codemeter7.21a

▶NVDsiemens/sinema_remote_connect_server< 3.0+1

▶NVDsiemens/simatic_information_server2019, 2020+1

▶NVDsiemens/simatic_pcs_neo< 3.1

Patches

Patch: cert-portal.siemens.com ↗Patch: www.tenable.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-m5xx-rgqg-j2m6: A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7↗2022-05-24

▶

CVEList

CVE-2021-20093: A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7↗2021-06-16

▶