critical
9.8
CWE
787 119
Advisory Published
Updated

CVE-2023-3935: Wibu: Buffer Overflow in CodeMeter Runtime

First published: Wed Sep 13 2023(Updated: )

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

Credit: info@cert.vde.com

Affected SoftwareAffected VersionHow to fix
CodeMeter Runtime<7.60c
TRUMPF Oseon>=1.0.0<=3.0.22
Jtekt Kostac Plc Programming Software>=1.0.1<=4.6.3
Trumpf TecZone Bend>=18.02.r8<=23.06.01
Trumpf TruTops Unfold=05.03.00.00
Trumpf TruTops Calculation>=14.00<=22.00.00
TRUMPF LicenseExpert>=1.5.2<=1.11.1
Trumpf TruTops>=08.00<=12.01.00.00
Trumpf TruTops Cell Classic<=09.09.02
Trumpf TruTops Cell>=01.00<=02.26.0
Trumpf TruTops Mark 3D>=01.00<=06.01
Trumpf TruTops Boost>=06.00.23.00<=16.0.22
Trumpf TruTops Fab>=15.00.23.00<=22.8.25
Trumpf TruTops Fab>=14.06.20<=20.04.20.00
TRUMPF TruTops Print>=00.06.00<=01.00
TRUMPF TruTops Print>=01.02
Trumpf TruTops Weld>=7.0.198.241<=9.0.28148.1
Trumpf TubeDesign>=08.00<=14.06.150
Phoenix Contact Activation Wizard Moryx<=1.6
Phoenix Contact e-Mobility Charging Suite<=1.7.0
Phoenix Contact FL Network Manager<=7.0
Phoenix Contact IOL-CONF<=1.7.0
Phoenix Contact Module Type Package Designer<1.2.0
Phoenix Contact Module Type Package Designer=1.2.0-beta
Phoenix Contact PLCnext Engineer<=2023.6

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this heap buffer overflow vulnerability?

    The vulnerability ID for this heap buffer overflow vulnerability is CVE-2023-3935.

  • What is the severity of CVE-2023-3935?

    CVE-2023-3935 has a severity score of 9.8, which is considered critical.

  • How does CVE-2023-3935 impact Wibu CodeMeter Runtime network service?

    CVE-2023-3935 allows an unauthenticated, remote attacker to achieve remote code execution (RCE) and gain full access to the host system.

  • Which software versions are affected by CVE-2023-3935?

    The following software versions are affected by CVE-2023-3935: Wibu CodeMeter Runtime up to version 7.60b, Trumpf Oseon up to version 3.0.22, Trumpf ProgrammingTube up to version 4.6.3, Trumpf TecZone Bend up to version 23.06.01, Trumpf Tops Unfold version 05.03.00.00, Trumpf TopsCalculation up to version 22.00.00, Trumpf TrumpfLicenseExpert up to version 1.11.1, Trumpf TruTops up to version 12.01.00.00, Trumpf TruTops Cell Classic up to version 09.09.02, Trumpf TruTops Cell SW48 up to version 02.26.0, Trumpf TruTops Mark 3D up to version 06.01, Trumpf TruTopsBoost up to version 16.0.22, Trumpf TruTopsFab up to version 22.8.25, Trumpf TruTopsFab Storage SmallStore up to version 20.04.20.00, Trumpf TruTopsPrint up to version 01.00, Trumpf TruTopsPrintMultilaserAssistant starting from version 01.02, Trumpf TruTopsWeld up to version 9.0.28148.1, and Trumpf TubeDesign up to version 14.06.150.

  • Where can I find more information about CVE-2023-3935?

    You can find more information about CVE-2023-3935 at the following references: [link1], [link2], [link3].

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203