WebSockets API Vulnerability in CodeMeter by WIBU-SYSTEMS
CVE-2020-14519

7.5HIGH

Key Information:

Vendor: Wibu
Status: Codemeter
Vendor: CVE Published:; 16 September 2020

What is CVE-2020-14519?

This vulnerability in CodeMeter, particularly affecting its internal WebSockets API, allows an attacker to craft a specific JavaScript payload. When exploited, this can lead to the alteration or creation of license files, especially on systems using a web browser for server access. The risk is amplified when combined with other vulnerabilities such as CVE-2020-14515. Users are advised to disable the affected WebSockets API or upgrade to a secure version to mitigate risks.

Affected Version(s)

CodeMeter All versions prior to 7.00, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server.

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Jun 19, 2020

Wibu

What is CVE-2020-14519?

Affected Version(s)

References

CVSS V3.1

Timeline