In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
2021-11-14T21:15:07.797
2024-11-21T06:25:21.627
Modified
CVSSv3.1: 7.1 (HIGH)
AV:L/AC:L/Au:N/C:N/I:P/A:P
3.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | wibu | codemeter_runtime | < 7.30a | Yes |
| Operating System | microsoft | windows | - | No |
| Application | siemens | pss_cape | 14 | Yes |
| Application | siemens | pss_e | < 34.9.1 | Yes |
| Application | siemens | pss_e | < 35.3.2 | Yes |
| Application | siemens | pss_odms | < 12.2.6.1 | Yes |
| Application | siemens | sicam_230 | < 8.0 | Yes |
| Application | siemens | simatic_information_server | < 2019 | Yes |
| Application | siemens | simatic_information_server | 2019 | Yes |
| Application | siemens | simatic_information_server | 2019 | Yes |
| Application | siemens | simatic_pcs_neo | * | Yes |
| Application | siemens | simatic_process_historian | ≤ 2019 | Yes |
| Application | siemens | simatic_wincc_oa | ≤ 3.18 | Yes |
| Application | siemens | simit | ≤ 10.0 | Yes |