WIBU Systems CodeMeter Runtime Vulnerabilities in Rexroth Products


2020-09-25 00:00:00 UTC


BOSCH-SA-231483: A set of 6 vulnerabilities affect multiple versions of the WIBU Systems CodeMeter Runtime Software. This software is used by multiple Rexroth Products and Bosch Rexroth customers for license management. In order to successfully exploit these vulnerabilities an attacker requires access to the network or system. One vulnerability (CVE-2020-14509) is notably critical as it can easily be exploited by crafting packets sent over any network. The successful exploitation of these vulnerabilities can lead to DoS (CVE-2020-14513 CVE-2020-14509) remote code execution (CVE-2020-14509) bypassed encryption (CVE-2020-14517) heap leak on the licensing server-side (CVE-2020-16233) and manipulation or forgery of license files (CVE-2020-14519 CVE-2020-14515). Bosch Rexroth recommends to update vulnerable components using the CodeMeter Runtime to version 7.10a. These vulnerabilities do not affect the CodeMeter Embedded Software.