Vulnerability Details : CVE-2023-4701
An Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low-privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system.
Products affected by CVE-2023-4701
- cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*
- Trumpf » Trutopsfab Storage Smallstore, versions from (>=) 14.06.20 up to and including (<=) 20.04.20.00: cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*
- Trumpf » Trutopsweld, versions from (>=) 7.0.198.241 up to and including (<=) 9.0.28148.1: cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*
- cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4701
- 0.04%: probability of exploitation activity in the next 30 days
- ~ 5 %: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2023-4701
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | CERT VDE | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2023-4701
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: info@cert.vde.com (Primary)
References for CVE-2023-4701
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf (Vendor Advisory)
- https://cert.vde.com/en/advisories/VDE-2023-030/ (VDE-2023-030 | CERT@VDE)
- https://cert.vde.com/en/advisories/VDE-2023-031/ (VDE-2023-031 | CERT@VDE; Third Party Advisory)