CVE-2023-3935

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 38.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact Module Type Package Designer Wibu Codemeter Runtime Phoenixcontact Activation Wizard +21 more

Timeline

PublishedSep 13

Description

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages25 packages

▶NVDwibu/codemeter_runtime< 7.60c

▶CVEListV5wibu/codemeter_runtime0.0 — 7.60b

▶NVDphoenixcontact/fl_network_manager7.0

▶NVDphoenixcontact/module_type_package_designer< 1.2.0+1

▶NVDtrumpf/oseon1.0.0 — 3.0.22

🔴Vulnerability Details

GHSA

GHSA-c9rf-qf73-r46f: A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7↗2023-09-13

▶

CVEList

Wibu: Buffer Overflow in CodeMeter Runtime↗2023-09-13

▶