CVE-2021-20094
Published: 2021-06-16
Priority: P345 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 4.67% (90.6th percentile)
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wibu | codemeter | < 7.21a | 7.21a |
CVSS provenance
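| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |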
GHSA
GHSA-fm8v-xp26-8h3q: A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7
ghsa_unreviewed·2022-05-24
CVE-2021-20094 [HIGH] CWE-125 GHSA-fm8v-xp26-8h3q: A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7
A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.
CISA ICS
Siemens Desigo CC product family
cisa_ics·2023-11-16·CVSS 9.1
[CRITICAL] Siemens Desigo CC product family
ICS Advisory
## Siemens Desigo CC product family
Release Date: November 16, 2023
Alert Code: ICSA-23-320-03
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Siemens
- Equipment: Desigo CC product family
- Vulnerabilities: Buffer Over-Read, Heap-Based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary c
CISA ICS
Wibu-Systems CodeMeter Runtime
cisa_ics·2021-07-29·CVSS 9.1
[CRITICAL] Wibu-Systems CodeMeter Runtime
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Wibu-Systems CodeMeter Runtime
Last Revised: July 29, 2021
Alert Code: ICSA-21-210-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Wibu-Systems AG
- Equipment: CodeMeter Runtime
- Vulnerabilities: Buffer Over-read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of CodeMete
No detection rules found.
No public exploits indexed.
Tenable
Multiple Vulnerabilities in Wibu-Systems CodeMeter
blogs_tenable·2021-06-15
Multiple Vulnerabilities in Wibu-Systems CodeMeter
Wiz
CVE-2020-37017 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2020-37017 [HIGH] CVE-2020-37017 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-37017: Wibu-Systems CodeMeter vulnerability analysis and mitigation
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
Source: NVD
Score: 8.5
Published: January 29, 2026
Severity: HIGH
CNA Score: 8.5
Affected Technologies: Wibu-Systems CodeMeter
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 3.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:wibu:codemeter
Sources
NVD
Wind
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02
- https://www.tenable.com/security/research/tra-2021-24
Published: 2021-06-16