A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of
several Festo products, was found. This could lead to remote code execution and escalation of
privileges giving full admin access on the host system. 

Update A, 2023-12-05

  • removed "MES4 (v3)", "MES4 (<=v2)" and Energy-PC from affected products as they do not install the affected WIBU Codemeter release.

A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.

TP 260 before June 2023 and MES PC based on DELL XE3 contain a vulnerable versions of TIA Portal V15 to V18.

Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.

A vulnerability in the Video.js package could allow a user of LX Appliance, with a high privilege account (i.e., with the "Teacher" role), to craft a malicious course and launch an XSS attack.

Festo: Several vulnerabilities in FactoryViews

FactoryViews bundles many third-party applications which are used in background processes to provide the software's features. From time to time, vulnerabilities in these bundled applications are discovered. These are typically fixed in newer versions of FactoryViews by updating the bundled applications.

FactoryViews versions up to and including 1.5.2 contain around 200 such vulnerabilities listed in this advisory.
Version 1.6.0 is a security rollup release which includes updates to all bundled applications and fixes these vulnerabilities.

At this time, FactoryViews Lite cannot be updated beyond version 1.1.
FactoryViews 1.7 will unify non-Lite and Lite versions and fix these vulnerabilities for users of FactoryViews Lite.

A vulnerability was reported in WIBU-SYSTEMS CodeMeter Runtime.
WIBU-SYSTEMS CodeMeter Runtime is part of the installation packages of several Festo products.
FluidDraw < 6.2c and CIROS <= 7.0.6 contain a vulnerable version of WIBU-SYSTEMS CodeMeter Runtime.


Nach Hersteller




(Scoring für CVSS 2.0,3.0+3.1)
Kein CVE verfügbar
0.1 <= 3.9
4.0 <= 6.9
7.0 <= 8.9
9.0 <= 10.0