{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3935", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-07-25T13:02:40.206Z", "datePublished": "2023-09-13T13:19:18.392Z", "dateUpdated": "2025-05-01T03:55:09.776Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CodeMeter Runtime", "vendor": "Wibu", "versions": [{"lessThanOrEqual": "7.60b", "status": "affected", "version": "0.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "CodeMeter Runtime", "vendor": "Wibu", "versions": [{"status": "unaffected", "version": "7.21g"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."}], "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-09-19T07:00:20.911Z"}, "references": [{"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"}], "source": {"defect": ["CERT@VDE#64566"], "discovery": "UNKNOWN"}, "title": "Wibu: Buffer Overflow in CodeMeter Runtime", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.775Z"}, "title": "CVE Program Container", "references": [{"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-031/", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-030/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": ""}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2023-3935"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T03:55:09.776Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-031/", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-030/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.775Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-26T21:50:55.835781Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T20:36:59.547Z"}}], "cna": {"title": "Wibu: Buffer Overflow in CodeMeter Runtime", "source": {"defect": ["CERT@VDE#64566"], "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wibu", "product": "CodeMeter Runtime", "versions": [{"status": "affected", "version": "0.0", "versionType": "custom", "lessThanOrEqual": "7.60b"}], "defaultStatus": "unaffected"}, {"vendor": "Wibu", "product": "CodeMeter Runtime", "versions": [{"status": "unaffected", "version": "7.21g"}], "defaultStatus": "affected"}], "references": [{"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.", "supportingMedia": [{"type": "text/html", "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-09-19T07:00:20.911Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3935", "state": "PUBLISHED", "dateUpdated": "2025-05-01T03:55:09.776Z", "dateReserved": "2023-07-25T13:02:40.206Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-09-13T13:19:18.392Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F783582-7E13-457E-96E9-8FD2D58580F5", "versionEndExcluding": "7.60c", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BCF0613-5F59-4DAA-9DDB-A9322892353A", "versionEndIncluding": "3.0.22", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*", "matchCriteriaId": "9648C643-3213-4D0B-A3E0-6C4A092E8DAE", "versionEndIncluding": "4.6.3", "versionStartIncluding": "1.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*", "matchCriteriaId": "56F0DB5E-5F18-4DA4-9488-242351FE5994", "versionEndIncluding": "23.06.01", "versionStartIncluding": "18.02.r8", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "926A92BB-2001-4176-9F73-F7F40F4D58CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*", "matchCriteriaId": "903A6767-5E6D-4E98-A756-A3FC99BAF13F", "versionEndIncluding": "22.00.00", "versionStartIncluding": "14.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*", "matchCriteriaId": "54F8DF4D-3C69-4117-88A4-9C0F6838C7DD", "versionEndIncluding": "1.11.1", "versionStartIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*", "matchCriteriaId": "8360F8C5-1F88-420F-91B2-C75EC8A97A0C", "versionEndIncluding": "12.01.00.00", "versionStartIncluding": "08.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "3240055F-E26E-4BE9-89A9-D50A6FA5E8F1", "versionEndIncluding": "09.09.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CD0343C-7A91-4CF7-B70B-CB2569FFE679", "versionEndIncluding": "02.26.0", "versionStartIncluding": "01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB6D30E6-031C-4104-A573-2FD3773E1CDF", "versionEndIncluding": "06.01", "versionStartIncluding": "01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*", "matchCriteriaId": "B55ED3C4-B111-4A8C-BB9F-A50FCCC38432", "versionEndIncluding": "16.0.22", "versionStartIncluding": "06.00.23.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4180D87-1915-4868-9328-D310282DD7C4", "versionEndIncluding": "22.8.25", "versionStartIncluding": "15.00.23.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C7823FE-A87C-494B-AB35-AB2830884282", "versionEndIncluding": "20.04.20.00", "versionStartIncluding": "14.06.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*", "matchCriteriaId": "A257AA96-76DA-47CC-A3BA-3CCFB719C62E", "versionEndIncluding": "01.00", "versionStartIncluding": "00.06.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*", "matchCriteriaId": "607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1", "versionStartIncluding": "01.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*", "matchCriteriaId": "1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9", "versionEndIncluding": "9.0.28148.1", "versionStartIncluding": "7.0.198.241", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*", "matchCriteriaId": "D88C313D-95E2-44EA-A895-F4CA659A5846", "versionEndIncluding": "14.06.150", "versionStartIncluding": "08.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*", "matchCriteriaId": "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635", "versionEndIncluding": "1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8751F63-3D03-434A-BF4E-67320F6672FD", "versionEndIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*", "matchCriteriaId": "907E5EB3-8346-4371-9CFF-0F885CC0529E", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9659319-4AEC-4112-9EAC-7892C0A37AA8", "versionEndExcluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "BB44DD6D-7685-4346-91BC-30CB9531982A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", "matchCriteriaId": "170FABD2-23D5-4885-AA09-B4130F945564", "versionEndIncluding": "2023.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."}, {"lang": "es", "value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n."}], "id": "CVE-2023-3935", "lastModified": "2024-11-21T08:18:21.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-09-13T14:15:09.147", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}