Buffer Over-Read Vulnerability in Wibu-Systems CodeMeter
CVE-2021-20093

9.1CRITICAL

Key Information:

Vendor

Wibu

Status
Wibu-systems Codemeter
Vendor
CVE Published:
16 June 2021

What is CVE-2021-20093?

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions prior to 7.21a, allowing remote attackers without authentication to potentially disclose sensitive heap memory contents or crash the CodeMeter Runtime Server. This vulnerability can be exploited to gain unauthorized access to the system, emphasizing the importance of regular updates and security practices.

Affected Version(s)

Wibu-Systems CodeMeter < 7.21a

References

https://www.tenable.com/security/research/tra-2021-24
x_refsource_MISC
https://cdn.wibu.com/fileadmin/wibu_downloads/security_ad...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-67530...
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.