CVE-2021-20093

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

Link	Resource
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf	Mitigation Vendor Advisory
https://www.tenable.com/security/research/tra-2021-24	Exploit Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf	Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02	Third Party Advisory US Government Resource

Configuration 1

cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:pss_cape:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_information_server:2019:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simit_simulation_platform:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simit_simulation_platform:10.3:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_oa:3.18:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_oa:3.17:-:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_process_historian:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_process_historian:2020:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_information_server:2020:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1:-:*:*:*:*:*:*

---

Published : 2021-06-16 12:15

Updated : 2022-10-06 05:43

---

NVD link : CVE-2021-20093

Mitre link : CVE-2021-20093

No products.

CWE-125

Out-of-bounds Read