CVE-2020-14509
First published: Wed Sep 16 2020(Updated: )
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wibu Codemeter | <7.10 | |
| Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14509 and CVE-2020-14519 | ||
| Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14517 | ||
| Wibu-Systems AG All versions prior to 7.10 are affected by CVE-2020-16233 | ||
| Wibu-Systems AG All versions prior to 6.81 are affected by CVE-2020-14513 | ||
| Wibu-Systems AG All versions prior to 6.90 are affected by CVE-2020-14515 when using CmActLicense update files with CmActLicense Firm Code |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14509 vulnerability?
CVE-2020-14509 is a set of multiple memory corruption vulnerabilities in CodeMeter software versions prior to 7.10, which can be exploited by sending specially crafted packets.
What is the severity of CVE-2020-14509?
The severity of CVE-2020-14509 vulnerability is critical, with a severity score of 9.8.
Which software versions are affected by CVE-2020-14509?
CodeMeter software versions prior to 7.10 are affected by CVE-2020-14509.
How can CVE-2020-14509 be exploited?
CVE-2020-14509 can be exploited by an attacker who sends specially crafted packets to the vulnerable CodeMeter software.
Where can I find more information about CVE-2020-14509 vulnerability?
You can find more information about CVE-2020-14509 vulnerability at the following reference: [https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01](https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/softwarecombine
- agent/references
- agent/severity
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wibu
- canonical/wibu codemeter
- vendor/wibu-systems ag
- canonical/wibu-systems ag all versions prior to 7.10a are affected by cve-2020-14509 and cve-2020-14519
- canonical/wibu-systems ag all versions prior to 7.10a are affected by cve-2020-14517
- canonical/wibu-systems ag all versions prior to 7.10 are affected by cve-2020-16233
- canonical/wibu-systems ag all versions prior to 6.81 are affected by cve-2020-14513
- canonical/wibu-systems ag all versions prior to 6.90 are affected by cve-2020-14515 when using cmactlicense update files with cmactlicense firm code