Several CODESYS setups contain and install vulnerable versions of the WIBU CodeMeter Runtime.



A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of
several Festo products, was found. This could lead to remote code execution and escalation of
privileges giving full admin access on the host system. 

Update A, 2023-12-05

  • removed "MES4 (v3)", "MES4 (<=v2)" and Energy-PC from affected products as they do not install the affected WIBU Codemeter release.



A heap-based buffer overflow caused by libcurl and incorrect whitespace character interpretation
in JavaScript, both used in CodeMeter Runtime, affect multiple products by PHOENIX CONTACT.



An attacker can achieve remote code execution on affected products via command injection in the web-based management.



Access rights to a configuration tool of the web-based management are misconfigured for a specific user, which allows resetting the passwords of other users (except root). This allows an authenticated attacker to elevate their privileges.



Multiple Weidmueller products are affected by a recent WIBU vulnerability.



A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.

TP 260 before June 2023 and MES PC based on DELL XE3 contain vulnerable versions of TIA Portal V15 to V18.

Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.



An attacker with administrative privileges who can access sensitive files can additionally access them in an unintended, undocumented way.



Legend (scoring for CVSS 2.0, 3.0 + 3.1)

  • None: no CVE available
  • Low: 0.1 to 3.9
  • Medium: 4.0 to 6.9
  • High: 7.0 to 8.9
  • Critical: 9.0 to 10.0