CVE-2021-20093: A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap…

critical9.1CVSS 3.1

AVNACLPRNUINSUCHINAH

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
siemens	simatic_information_server	—	—
siemens	simatic_information_server	—	—
siemens	simatic_pcs_neo	< 3.1	3.1
siemens	simatic_process_historian	—	—
siemens	simatic_process_historian	>= 2019 < 2020	2020
siemens	simatic_wincc_oa	—	—
siemens	simatic_wincc_oa	—	—
siemens	simit_simulation_platform	—	—
siemens	simit_simulation_platform	>= 10.0 < 10.3	10.3
siemens	sinec_infrastructure_network_services	< 1.0.1.1	1.0.1.1
siemens	sinec_infrastructure_network_services	—	—
siemens	sinema_remote_connect_server	< 3.0	3.0
siemens	sinema_remote_connect_server	—	—
wibu	codemeter	<= 7.21a	—