

Very few people have even directly seen this pc. I was wondering if there are programs out there that use the CodeMeter Runtime without needing a CM key. Right now it is only disabled in msconfig as I am unable to find any way to uninstall it because it is not listed in "Programs and Features". It also seems that no programs have been affected by it so far by disabling that.

You are correct that it is a software licence that looks for a USB key in order to run a program. I use Dataton Watchout, and Codemeter looks for my Watchout USB key when I want to access Display computers running the fullscreen Display version of Watchout (for fullscreen multidisplay presentations like dome projections, panoramic presentations, etc). Perhaps, in the past, someone borrowed your pc and installed a software that requires USB dongle keys. Or if you have installed 'demo' versions of such programs to check out its suitability, Codemeter will still be installed as part of the installation. If you do not use any such software, you can safely delete it. In your Control Panel > Uninstall Programs > it is listed as either Codemeter Runtime Kit or Wibu-Systems.

ATTENTION: Exploitable remotely/low attack complexity.

Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).

The following versions of CodeMeter Runtime, a license manager, are affected:
CodeMeter Runtime: All versions prior to v7.21a.
This license manager is used in the products of many different vendors.

3.2 VULNERABILITY OVERVIEW

3.2.1 BUFFER OVER-READ CWE-126
An attacker could send a specially crafted packet to the CodeMeter Runtime CmWAN server to cause a denial-of-service condition.
CVE-2021-20094 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2 BUFFER OVER-READ CWE-126
An attacker could send a specially crafted packet that could crash the server or direct the CodeMeter Runtime Network Server to send back packets containing data from the heap.
CVE-2021-20093 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Multiple.

Tenable, Inc., reported these vulnerabilities to CISA.

Wibu-Systems recommends the following mitigations:
Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. The network server is disabled by default. With binding to localhost an attack is no longer possible via remote network connection.
If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port can reduce the risk.
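A way to verify the localhost-binding mitigation on a Windows host, added here as an example and not part of the advisory or of Wibu-Systems' software: it parses `netstat -ano` output and flags any CmLAN listener bound to something other than loopback, which is exactly the case where the host-firewall fallback is needed. The CmLAN port 22350, the netstat column layout and the two sample outputs are assumptions/constructed.

```python
"""Audit the "bind to localhost" mitigation for the CodeMeter network server (CmLAN)
from Windows `netstat -ano` output. Added example, not the advisory's or Wibu-Systems'
code. Assumes CmLAN listens on TCP 22350 (CodeMeter's default; configurable) and the
Windows netstat column layout; both samples below are constructed."""
import re
import subprocess

LOOPBACK = {"127.0.0.1", "::1"}  # the only bindings that satisfy the mitigation
_LISTEN_RE = re.compile(r"^\s*TCP\s+(?P<local>\S+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$")

def parse_listeners(netstat_text):
    """Yield (address, port, pid) for each TCP LISTENING line; '[::]:22350' -> ('::', 22350)."""
    for line in netstat_text.splitlines():
        m = _LISTEN_RE.match(line)
        if m:
            addr, _, port = m.group("local").rpartition(":")
            yield addr.strip("[]"), int(port), int(m.group("pid"))

def audit_cmlan_bindings(netstat_text, port=22350):
    """Split listeners on the CmLAN port into loopback-only and network-exposed bindings."""
    result = {"loopback": [], "exposed": []}
    for addr, p, pid in parse_listeners(netstat_text):
        if p == port:
            result["loopback" if addr in LOOPBACK else "exposed"].append((addr, pid))
    return result

def verdict(audit):
    """One-line finding: an exposed binding needs a rebind to localhost or a host-firewall rule."""
    if audit["exposed"]:
        return "EXPOSED: CmLAN listens on %s; rebind to localhost or firewall the port" % (
            ", ".join(a for a, _ in audit["exposed"]))
    if audit["loopback"]:
        return "OK: CmLAN bound to localhost only"
    return "OK: no CmLAN listener (network server disabled / client-only)"

# Constructed samples: a server bound to all interfaces, and the same host after the mitigation.
SAMPLE_EXPOSED = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:22350          0.0.0.0:0              LISTENING       4120
  TCP    [::]:22350             [::]:0                 LISTENING       4120
  TCP    192.168.1.20:49700     203.0.113.5:443        ESTABLISHED     2208
"""
SAMPLE_HARDENED = SAMPLE_EXPOSED.replace("0.0.0.0:22350", "127.0.0.1:22350").replace("[::]:22350", "[::1]:22350")

if __name__ == "__main__":  # live check on a Windows host
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    print(verdict(audit_cmlan_bindings(out)))
```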
