6.81

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

wibu

NVD

Published: 2020-09-16

Updated: 2024-11-21

Summary

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.

Vulnerable Configurations

Part	Description	Count
Application	Wibu Wibu Codemeter - Wibu Codemeter 6.50A Wibu Codemeter 6.81	3

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01