CVE-2021-41057Link Following in Codemeter Runtime

CWE-59Link Following3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 76.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Siemens PSS ESiemens PSS OdmsSiemens Sicam 230+6 more
Timeline
PublishedNov 14
Latest updateMay 24

Description

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages9 packages

NVDsiemens/pss_e34.0.034.9.1+1
NVDsiemens/pss_odms< 12.2.6.1

🔴Vulnerability Details

2
GHSA
GHSA-vm84-hxmh-36rv: In WIBU CodeMeter Runtime before 72022-05-24
CVEList
CVE-2021-41057: In WIBU CodeMeter Runtime before 72021-11-14
CVE-2021-41057 — Link Following in Codemeter Runtime | cvebase