SSA-455843 (Last Update: 2020-09-08): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products

Published

2020-09-08 00:00:00 UTC

Summary

CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.

The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.

Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.