
ID

VDE-2023-033

Published

2023-10-12 08:00 (CEST)

Last update

2023-12-05 07:51 (CET)

Vendor(s)

Pilz GmbH & Co. KG

Product(s)

Article No°              Product Name                                Affected Version(s)
-                        PASloto                                     <= 1.1.3
-                        PMC programming tool 3.x.x                  3.0.0 <= 3.5.18.2
266807, 266812, 266815   PMI v8xx                                    <= 2.0.33992
-                        PNOZsigma Configurator                      < 1.5.0
-                        Software Live Video Server                  <= 1.1.0
-                        Software PAS4000                            < 1.26.0
-                        Software PASvisu                            < 1.14.1
-                        Software PIT User Authentication Service    < 1.1.2
-                        Software SafetyEYE Configurator             3.0.0 <= 3.0.1

Summary

Several Pilz products use the third-party component "CodeMeter Runtime" from WIBU-SYSTEM AG to manage software licenses. This component is affected by a vulnerability that may enable an attacker to gain full control over the system running the software product. The vulnerability can be exploited locally or over the network.

Update A, 2023-12-05

  • changed affected version of "Software PASvisu < 1.15.0" to "Software PASvisu < 1.14.1"
  • removed CVE-2023-4701 because it was revoked.


Last Update:

Sept. 19, 2023, 8:50 a.m.

Weakness

Out-of-bounds Write  (CWE-787) 

Summary

A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service, up to and including version 7.60b, allows an unauthenticated remote attacker to achieve RCE and gain full access to the host system.


Impact

When CodeMeter Runtime runs in non-server mode (the default), a local user may grant themselves improperly elevated privileges. When it runs in server mode, the vulnerable network service is reachable over the network and a remote attacker may gain full control over the system.

Solution

General Countermeasures

  • Download and install CodeMeter Runtime version 7.60c or later from WIBU-SYSTEM’s website https://www.wibu.com/de/support.html.
  • When CodeMeter Runtime is used in server mode, restrict access on the network-level by using a firewall or comparable measures.
  • Restrict local access to authorized users only on the system running the CodeMeter runtime.
    Also deploy strong hardening measures and endpoint protection solutions.
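As an added illustration of the Impact description and the general countermeasures above (example code written for this page, not Pilz or WIBU-SYSTEM code): a small Python triage script that parses CodeMeter-style version strings such as "7.60b" and "7.60c", flags installations older than the fixed release 7.60c, and ranks each host by exposure the way the Impact section describes it: a vulnerable host in server mode is a remote code execution exposure, a vulnerable host in non-server mode is a local privilege escalation exposure, and a host whose version cannot be parsed is flagged for manual checking rather than silently treated as fixed. The inventory is constructed sample data; how the installed version and the server-mode setting are collected from real hosts is assumed to happen elsewhere, the script only takes them as input.

```python
import re
from dataclasses import dataclass

# First CodeMeter Runtime release that contains the fix (from the advisory).
FIXED_VERSION = "7.60c"

# CodeMeter version strings look like "7.60b": major.minor plus an optional
# patch letter, where "7.60" < "7.60a" < "7.60b" < "7.60c".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)([a-z]?)$")


def parse_version(text: str) -> tuple:
    """Turn '7.60b' into the comparable tuple (7, 60, 2).

    Raises ValueError for anything that does not match the expected shape,
    so an unknown or garbled version never silently compares as 'fixed'.
    """
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised CodeMeter version string: {text!r}")
    major, minor, patch = m.groups()
    patch_level = 0 if patch == "" else ord(patch) - ord("a") + 1
    return (int(major), int(minor), patch_level)


def is_vulnerable(version: str) -> bool:
    """True when the installed runtime is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Host:
    name: str
    codemeter_version: str   # as reported by the host's inventory (assumed input)
    server_mode: bool        # True when CodeMeter is configured as a network server


def triage(host: Host) -> str:
    """Classify a host by the exposure described in the advisory's Impact section."""
    try:
        vulnerable = is_vulnerable(host.codemeter_version)
    except ValueError:
        # Unknown version: cannot prove it is fixed, so flag it for a manual check.
        return "unknown-version"
    if not vulnerable:
        return "fixed"
    # Server mode exposes the vulnerable network service to remote attackers;
    # non-server mode (the default) still leaves a local privilege escalation.
    return "remote-rce-exposure" if host.server_mode else "local-privesc"


def triage_inventory(hosts) -> dict:
    """Map each host name to its triage category."""
    return {h.name: triage(h) for h in hosts}


# Constructed sample inventory for this example (not real hosts or data).
SAMPLE_INVENTORY = [
    Host("license-srv-01", "7.60b", server_mode=True),
    Host("eng-ws-01", "7.51", server_mode=False),
    Host("eng-ws-02", "7.60c", server_mode=False),
    Host("hmi-01", "7.60", server_mode=True),
    Host("legacy-box", "n/a", server_mode=True),
]

if __name__ == "__main__":
    # List the hosts that need action first: remote exposure before local.
    order = {"remote-rce-exposure": 0, "unknown-version": 1, "local-privesc": 2, "fixed": 3}
    for name, category in sorted(triage_inventory(SAMPLE_INVENTORY).items(),
                                 key=lambda kv: order[kv[1]]):
        print(f"{name:16} {category}")
```

The version regex is deliberately strict: if your inventory source appends extra text such as a build number, extend the pattern for that shape rather than loosening it, so that an unexpected string keeps landing in "unknown-version" instead of being mis-ranked. Hosts in the "remote-rce-exposure" category are the ones where the firewall restriction from the general countermeasures matters until the runtime is updated.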

Product-specific Countermeasures

  • PAS4000, PASvisu, PIT User Authentication Service, PNOZsigma Configurator, PMIv8: Install
    the fixed version as soon as it is available. Please visit the Pilz eShop
    (https://www.pilz.com/en-INT/eshop) to check for the fixed version.
  • PASloto, Live Video Server, SafetyEYE Configurator, PMC programming tool: These products
    are end-of-life and will not receive a fixed version; please follow the general countermeasures.

Reported by

Pilz would like to thank CERT@VDE for coordinating publication.