CVE-2023-3935
CRITICAL
CodeMeter Runtime < 7.60c - Unauthenticated Remote Code Execution via Heap Buffer Overflow
Title source: llm
Description
A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
References (3)
Core References
Vendor Advisory
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-030/
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-031/
Scores
CVSS v3
9.8
EPSS
0.0150
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (25)
phoenixcontact/activation_wizard
< 1.6
phoenixcontact/e-mobility_charging_suite
< 1.7.0
phoenixcontact/fl_network_manager
< 7.0
phoenixcontact/iol-conf
< 1.7.0
phoenixcontact/module_type_package_designer
1.2.0 beta
phoenixcontact/module_type_package_designer
< 1.2.0
phoenixcontact/plcnext_engineer
< 2023.6
trumpf/oseon
1.0.0 - 3.0.22
trumpf/programmingtube
1.0.1 - 4.6.3
trumpf/teczonebend
18.02.r8 - 23.06.01
... and 15 more
Published
Sep 13, 2023
Tracked Since
Feb 18, 2026