CVE-2021-20093 — CRITICAL (9.1)

Q: How severe is CVE-2021-20093?

CVE-2021-20093 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-20093?

Check the references section above for vendor advisories and patch information. Affected products include: Wibu Codemeter, Siemens Pss Cape, Siemens Sicam 230 Firmware, Siemens Sicam 230, Siemens Simatic Information Server.

Vulnerability Description

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wibu	Codemeter	<= 7.21a
Siemens	Pss Cape	-
Siemens	Sicam 230 Firmware	All versions
Siemens	Sicam 230	-
Siemens	Simatic Information Server	2019
Siemens	Simatic Pcs Neo	< 3.1
Siemens	Simatic Wincc Oa	3.17
Siemens	Simit Simulation Platform	>= 10.0, < 10.3
Siemens	Sinec Infrastructure Network Services	< 1.0.1.1
Siemens	Sinema Remote Connect Server	< 3.0
Siemens	Simatic Process Historian	>= 2019, < 2020

Related Weaknesses (CWE)

CWE-125

References

https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-MitigationVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatchThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party AdvisoryUS Government Resource
https://www.tenable.com/security/research/tra-2021-24ExploitPatchThird Party Advisory
https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-MitigationVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfPatchThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02Third Party AdvisoryUS Government Resource
https://www.tenable.com/security/research/tra-2021-24ExploitPatchThird Party Advisory

FAQ

What is CVE-2021-20093?

CVE-2021-20093 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Ru...

How severe is CVE-2021-20093?

CVE-2021-20093 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-20093?

Check the references section above for vendor advisories and patch information. Affected products include: Wibu Codemeter, Siemens Pss Cape, Siemens Sicam 230 Firmware, Siemens Sicam 230, Siemens Simatic Information Server.