CVE-2021-20094

moderate-risk
Published 2021-06-16

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

Do I need to act?

~
6.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (3)

Codemeter
Pss Cape
Sicam 230 Firmware

Affected Vendors

Siemens Wibu

References (8)

Mitigation https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-...
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02
Exploit https://www.tenable.com/security/research/tra-2021-24
Mitigation https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-...
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02
Exploit https://www.tenable.com/security/research/tra-2021-24
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 9/34 · Low
Exposure 9/34 · Low