CVE-2023-3935
high-risk
Published 2023-09-13
A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
Do I need to act?
0.41% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (20)
Codemeter Runtime
Oseon
Programmingtube
Teczonebend
Tops Unfold
Topscalculation
Trumpflicenseexpert
Trutops
Trutops Cell Classic
Trutops Cell Sw48
Trutops Mark 3D
Trutopsboost
Trutopsfab
Trutopsfab Storage Smallstore
Trutopsprint
Trutopsprintmultilaserassistant
Trutopsweld
Tubedesign
Activation Wizard
E-Mobility Charging Suite
Affected Vendors
References (6)
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-030/
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-031/
55 / 100 · high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
21/34 · High