CRITICAL INFRASTRUCTURE SECTORS: Multiple.A CVSS v3 base score of 9.1 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). 3.2.2 BUFFER OVER-READ CWE-126Īn attacker could send a specially crafted packet that could crash the server or direct the CodeMeter Runtime Network Server to send back packets containing data from the heap.ĬVE-2021-20093 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.2 VULNERABILITY OVERVIEW 3.2.1 BUFFER OVER-READ CWE-126Īn attacker could send a specially crafted packet to the CodeMeter Runtime CmWAN server to cause a denial-of-service condition.ĬVE-2021-20094 has been assigned to this vulnerability. This license manager is used in the products of many different vendors. CodeMeter Runtime: All versions prior to v7.21a.
The following versions of CodeMeter Runtime, a license manager, are affected: Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).
ATTENTION: Exploitable remotely/low attack complexity.
