Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18
WIBU-SYSTEMS WibuKey network server management remote code execution vulnerability
The vulnerability affects all operating systems and allows the potential execution of code on network accessible WibuKey network servers. Only the systems on which a WibuKey network server is running are affected. This applies to systems that provide licenses for an attached WibuBox in the network for use by other clients.
WIBU-SYSTEMS WibuKey.sys pool has a corruption privilege escalation vulnerability.
The vulnerability affects Windows systems and allows potential unauthorized privilege escalation on the local system.
WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
a) Dongle based licensing
Update WibuKey Runtime to version 6.50. See: https://www.wibu.com/support/user/downloads-user-software.html
b) Hardwarecode-based licensing
Removing the WibuKey application.
For further information please refer to:
PHOENIX CONTACT Energy Automation GmbH was informed about this vulnerabilities by WIBU-SYSTEMS AG.