Vulnerability Details : CVE-2023-3935
A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2023-3935
- cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*
- cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*
- cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*
- Trumpf » Trutopsfab Storage Smallstore, versions from 14.06.20 (inclusive) up to 20.04.20.00 (inclusive): cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*
- Trumpf » Trutopsweld, versions from 7.0.198.241 (inclusive) up to 9.0.28148.1 (inclusive): cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3935
- 0.24%: probability of exploitation activity in the next 30 days
- ~ 62 %: percentile, the proportion of vulnerabilities scored at or below this one
CVSS scores for CVE-2023-3935
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | CERT VDE | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-3935
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by:
  - info@cert.vde.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-3935
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf (Vendor Advisory)
- https://cert.vde.com/en/advisories/VDE-2023-030/ (VDE-2023-030 | CERT@VDE, Third Party Advisory)
- https://cert.vde.com/en/advisories/VDE-2023-031/ (VDE-2023-031 | CERT@VDE, Third Party Advisory)