Vulnerabilities > CVE-2023-3935 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2023-09-13

Updated: 2024-01-25

Summary

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Vulnerable Configurations

Part	Description	Count
Application	Wibu Wibu Codemeter Runtime 5.10C	1
Application	Trumpf Trumpf Tubedesign 08.00 Trumpf Tubedesign 14.06.150 Trumpf Trutopsweld 7.0.198.241 Trumpf Trutopsweld 9.0.28148.1 Trumpf Trutopsprintmultilaserassistant 01.02 Trumpf Trutopsprint 00.06.00 Trumpf Trutopsprint 01.00 Trumpf Trutops Mark 3D 01.00 Trumpf Trutops Mark 3D 06.01 Trumpf Trutopsfab Storage Smallstore 14.06.20 Trumpf Trutopsfab Storage Smallstore 20.04.20.00 Trumpf Trutopsfab 15.00.23.00 Trumpf Trutopsfab 22.8.25 Trumpf Trutops Cell Sw48 01.00 Trumpf Trutops Cell Sw48 02.26.0 Trumpf Trutops Cell Classic 09.09.02 Trumpf Trutopsboost 06.00.23.00 Trumpf Trutopsboost 16.0.22 Trumpf Trutops 08.00 Trumpf Trutops 12.01.00.00 Trumpf Trumpflicenseexpert 1.5.2 Trumpf Trumpflicenseexpert 1.11.1 Trumpf Topscalculation 14.00 Trumpf Topscalculation 22.00.00 Trumpf Teczonebend 18.02.R8 Trumpf Teczonebend 23.06.01 Trumpf Tops Unfold 05.03.00.00 Trumpf Programmingtube 1.0.1 Trumpf Programmingtube 4.6.3 Trumpf Oseon 1.0.0 Trumpf Oseon 1.6 Trumpf Oseon 3.0.22	32
Application	Phoenixcontact Phoenixcontact Module Type Package Designer 1.2.0 Phoenixcontact Module Type Package Designer * Phoenixcontact Activation Wizard * Phoenixcontact Plcnext Engineer - Phoenixcontact Plcnext Engineer 2020-3-1 Phoenixcontact IOL Conf - Phoenixcontact IOL Conf 1.7.0 Phoenixcontact FL Network Manager - Phoenixcontact FL Network Manager 7.0 Phoenixcontact E Mobility Charging Suite *	10

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References