First published: Wed Sep 16 2020(Updated: )
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Wibu Codemeter | <7.10 | |
Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14509 and CVE-2020-14519 | ||
Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14517 | ||
Wibu-Systems AG All versions prior to 7.10 are affected by CVE-2020-16233 | ||
Wibu-Systems AG All versions prior to 6.81 are affected by CVE-2020-14513 | ||
Wibu-Systems AG All versions prior to 6.90 are affected by CVE-2020-14515 when using CmActLicense update files with CmActLicense Firm Code |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-14509 is a set of multiple memory corruption vulnerabilities in CodeMeter software versions prior to 7.10, which can be exploited by sending specially crafted packets.
The severity of CVE-2020-14509 vulnerability is critical, with a severity score of 9.8.
CodeMeter software versions prior to 7.10 are affected by CVE-2020-14509.
CVE-2020-14509 can be exploited by an attacker who sends specially crafted packets to the vulnerable CodeMeter software.
You can find more information about CVE-2020-14509 vulnerability at the following reference: [https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01](https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01)