CVE-2023-3935

CRITICAL

CodeMeter Runtime < 7.60c - Unauthenticated Remote Code Execution via Heap Buffer Overflow

Title source: llm
STIX 2.1

Description

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Scores

CVSS v3 9.8
EPSS 0.0150
EPSS Percentile 71.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (25)
phoenixcontact/activation_wizard < 1.6
phoenixcontact/e-mobility_charging_suite < 1.7.0
phoenixcontact/fl_network_manager < 7.0
phoenixcontact/iol-conf < 1.7.0
phoenixcontact/module_type_package_designer 1.2.0 beta
phoenixcontact/module_type_package_designer < 1.2.0
phoenixcontact/plcnext_engineer < 2023.6
trumpf/oseon 1.0.0 - 3.0.22
trumpf/programmingtube 1.0.1 - 4.6.3
trumpf/teczonebend 18.02.r8 - 23.06.01
... and 15 more
Published Sep 13, 2023
Tracked Since Feb 18, 2026