WIBU SYSTEMS CODEMETER SOFTWARE
Impact: A specially crafted license file may cause a crash in the CodeMeter and the software using it.ĬVE description: CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.ĬVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
WIBU SYSTEMS CODEMETER UPDATE
Vulnerability: Improper input validation of update files in CodeMeter Runtime. Another alternative is to restrict the functions of the CodeMeter Runtime software by binding its communication to the localhost. The new version is readily available for registered customers as prior versionsīosch Rexroth strongly recommends to operate the Laser Localization Software, ActiveAssist as well as the CodeMeter License Server host machine in a closed network with limited access to the system. It is recommended to update prior versions. It is recommended that all instances using prior versions are updated to this software version once it is made available.Ī new version 1.1 of the installation package for the extension module Tool localization of ActiveAssist is available as of September 24, 2020. The second mitigation alternative is to deactivate access to the WebSocket API (this must be performed on the licensing server-side).Ī new version of the Laser Localization Software (i.e. Laser Localization Software version 1.2) is expected to be available in October 2020.
The first is to employ Rexroth Products and their Licensing functions within a closed and/or secure network environment (as described below). If an update is not possible in a timely manner, two mitigation approaches can be followed. It is strongly recommended that customers update the WIBU Systems CodeMeter Runtime Software hosted in their machines to version Rexroth Laser Localization Software < 1.2 Rexroth ActiveAssist Tool localization extension module < 1.1 These vulnerabilities do not affect the CodeMeter Embedded Software.
WIBU SYSTEMS CODEMETER CODE
The successful exploitation of these vulnerabilities can lead to DoS (CVE-2020-14513, CVE-2020-14509), remote code execution (CVE-2020-14509), bypassed encryption (CVE-2020-14517), heap leak on the licensing server-side (CVE-2020-16233) and manipulation or forgery of license files (CVE-2020-14519, CVE-2020-14515).īosch Rexroth recommends to update vulnerable components using the CodeMeter Runtime to version One vulnerability (CVE-2020-14509) is notably critical, as it can easily be exploited by crafting packets sent over any network. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. This software is used by multiple Rexroth Products and Bosch Rexroth customers for license management. A set of 6 vulnerabilities affect multiple versions of the WIBU Systems CodeMeter Runtime Software.
0 kommentar(er)
