SSA-455843 (Last Update: 2020-11-10): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products


2020-11-10 00:00:00 UTC


CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.

The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.

Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.