VMT Advisory Feed by CERT@VDEhttps://cert.vde.com/en/advisories/2020-09-10T13:22:00+00:00Feed for VMT Advisories by CERT@VDEPepperl+Fuchs/VMT: VMT MSS and VMT IS - Several vulnerabilities in products utilizing WIBU-SYSTEMS CodeMeter components2020-09-10T13:22:00+00:002020-09-10T13:22:00+00:00CERTVDEhttps://cert.vde.com/en/advisories/author/certuser/https://cert.vde.com/en/advisories/VDE-2020-034/<h4>VDE-2020-034</h4>
<h4>Vendor(s)</h4>Pepperl+Fuchs SE<br/>VMT GmbH<br><h4>Product(s)</h4><table> <tbody> <tr> <th>Article No°</th> <th>Product Name</th> <th>Affected Version(s)</th> </tr></tbody></table><p><h4>Vulnerabilities:</h4>⠀CVE-2020-16233: 7.5 (CVSS:3.1)<br>⠀CVE-2020-14509: 9.8 (CVSS:3.1)<br>⠀CVE-2020-14519: 7.5 (CVSS:3.1)<br>⠀CVE-2020-14513: 7.5 (CVSS:3.1)<br>⠀CVE-2020-14517: 9.8 (CVSS:3.1)<br>⠀CVE-2020-14515: 7.5 (CVSS:3.1)<br><h4>Summary</h4><p>Several vulnerabilities have been discovered in the utilized component WIBU-SYSTEMS CodeMeter Runtime.</p>
<p>For detailed information please refer to WIBU-SYSTEMS original Advisories at<span> </span><a href="https://wibu.com/support/security-advisories.html" rel="noopener" target="_blank">https://wibu.com/support/security-advisories.html</a></p><h4>Impact</h4><p>Pepperl+Fuchs analyzed and identified affected products.<br>Products are affected according to WIBU-Systems classification.</p><h4>Solution</h4><p><strong>For VMT MSS</strong><br>Update to WIBU Systems CodeMeter Runtime 7.10 or newer.</p>
<p><br><strong>For VMT IS</strong><br>Please contact VMT GmbH to receive support for the product update process.</p>
<p>In general and without any update, this product can be operated in a secure local network that has no connection to an untrusted network, like internet or global corporate IT-net.</p><p><h4>URL</h4><a href="https://cert.vde.com/en/advisories/VDE-2020-034/" target=_new>https://cert.vde.com/en/advisories/VDE-2020-034/</a>